<?xml version="1.0" encoding="UTF-8"?>
<!--
  ! CDDL HEADER START
  !
  ! The contents of this file are subject to the terms of the
  ! Common Development and Distribution License, Version 1.0 only
  ! (the "License").  You may not use this file except in compliance
  ! with the License.
  !
  ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
  ! or http://forgerock.org/license/CDDLv1.0.html.
  ! See the License for the specific language governing permissions
  ! and limitations under the License.
  !
  ! When distributing Covered Code, include this CDDL HEADER in each
  ! file and include the License file at legal-notices/CDDLv1_0.txt.
  ! If applicable, add the following below this CDDL HEADER, with the
  ! fields enclosed by brackets "[]" replaced with your own identifying
  ! information:
  !      Portions Copyright [yyyy] [name of copyright owner]
  !
  ! CDDL HEADER END
  !
  !
  !      Copyright 2007-2008 Sun Microsystems, Inc.
  !      Portions Copyright 2011 ForgeRock AS
  ! -->
<adm:managed-object name="md5-password-storage-scheme"
  plural-name="md5-password-storage-schemes"
  package="org.forgerock.opendj.server.config"
  extends="password-storage-scheme"
  xmlns:adm="http://opendj.forgerock.org/admin"
  xmlns:ldap="http://opendj.forgerock.org/admin-ldap">
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    provides a mechanism for encoding user passwords using an unsalted
    form of the MD5 message digest algorithm. Because the implementation
    does not use any kind of salting mechanism, a given password always
    has the same encoded form.
  </adm:synopsis>
  <adm:description>
    This scheme contains only an implementation for the user password
    syntax, with a storage scheme name of "MD5". Although the MD5 digest
    algorithm is relatively secure, recent cryptanalysis work has
    identified mechanisms for generating MD5 collisions. This does not
    impact the security of this algorithm as it is used in <adm:product-name />,
    but it is recommended that the MD5 password storage scheme only be used if
    client applications require it for compatibility purposes, and that a
    stronger digest like SSHA or SSHA256 be used for environments in which
    MD5 support is not required.
  </adm:description>
  <adm:profile name="ldap">
    <ldap:object-class>
      <ldap:name>ds-cfg-md5-password-storage-scheme</ldap:name>
      <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
    </ldap:object-class>
  </adm:profile>
  <adm:property-override name="java-class" advanced="true">
    <adm:default-behavior>
      <adm:defined>
        <adm:value>
          org.opends.server.extensions.MD5PasswordStorageScheme
        </adm:value>
      </adm:defined>
    </adm:default-behavior>
  </adm:property-override>
</adm:managed-object>