1SLAPPW-ARGON2(5)              File Formats Manual             SLAPPW-ARGON2(5)
2
3
4

NAME

6       slappw-argon2 - Argon2 password module to slapd
7

SYNOPSIS

9       /etc/openldap/slapd.conf
10
11              moduleload argon2 [<parameters>]
12

DESCRIPTION

14       The  argon2  module to slapd(8) provides support for the use of the key
15       derivation function Argon2, that was selected  as  the  winner  of  the
16       Password  Hashing  Competition  in  July  2015,  in hashed passwords in
17       OpenLDAP.
18
19       It does so by providing the additional password scheme {ARGON2} for use
20       in slapd.
21
22

CONFIGURATION

24       The  argon2  module does not need any configuration, but it can be con‐
25       figured by giving the following parameters:
26
27       m=<memory>
28              Set memory usage to <memory> kiB.
29
30       p=<parallelism>
31              Set parallelism to <parallelism>  threads.  Currently  supported
32              only when linked with libargon2.
33
34       t=<iterations>
35              Set the number of iterations to <iterations>.
36
37       These  replace  defaults  when preparing hashes for new passwords where
38       possible.
39
40       After loading the module, the password scheme {ARGON2} will  be  recog‐
41       nised in values of the userPassword attribute.
42
43       You  can  then instruct OpenLDAP to use this scheme when processing the
44       LDAPv3 Password Modify (RFC 3062)  extended  operations  by  using  the
45       password-hash option in slapd.conf(5):
46
47              password-hash {ARGON2}
48
49   NOTES
50       If you want to use the scheme described here with slappasswd(8), remem‐
51       ber to load the module using its command line  options.   The  relevant
52       option/value is:
53
54              -o module-load=argon2
55
56       Or if non-default parameters are required:
57
58              -o module-load="argon2 [<param>...]"
59
60       Depending on argon2's location, you may also need:
61
62              -o module-path=pathspec
63
64

EXAMPLES

66       Both  userPassword  LDAP  attributes below encode the password 'secret'
67       using different salts:
68
69       userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng
70
71       userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFlaGOO4DUmPDgrlUbgMMuO9T1+vQCFuyzw
72
73

SEE ALSO

75       slapd.conf(5), ldappasswd(1), slappasswd(8), ldap(3),
76
77       "OpenLDAP Administrator's Guide" ⟨http://www.OpenLDAP.org/doc/
78

ACKNOWLEDGEMENTS

80       This manual page has been written by Peter Marschall based on the  mod‐
81       ule's README file written by Simon Levermann ⟨simon@levermann.de⟩.
82
83       OpenLDAP   is   developed   and  maintained  by  The  OpenLDAP  Project
84http://www.openldap.org/⟩.  OpenLDAP is  derived  from  University  of
85       Michigan LDAP 3.3 Release.
86
87
88
89OpenLDAP 2.6.6                    2023/07/31                  SLAPPW-ARGON2(5)
Impressum