

How Password Encryption Works

When users add a password to their account, the following happens:

  1. A user binds to a DSA.
  2. The user adds a password to his or her user account.
  3. The DSA encrypts the password, and then stores the encrypted password in the userPassword attribute.

    The encrypted password includes the name of the encryption scheme.

By default, DSAs use salted SHA-512 to encrypt passwords, but you can change to a different scheme if you prefer.

Note: Before CA Directory r12 SP11, DSAs used SHA-1 by default. From CA Directory r12 SP12 onwards, all new and updated passwords are encrypted with salted SHA-512.
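Because the stored value names its scheme, and only new and updated passwords move to salted SHA-512, an exported directory can be checked for entries that still carry an older scheme. The following is an added example, not CA Directory code. It assumes RFC 2307-style `{SCHEME}` prefixes with the labels `SHA`, `SSHA` and `SSHA512`, a `base64(digest || salt)` layout, and constructed sample entries; confirm the labels against your own export.

```python
import base64
import hashlib
import re

# Assumed scheme labels (common LDAP convention, not taken from the page).
STATUS = {"SHA": "legacy-sha1", "SSHA": "legacy-sha1", "SSHA512": "ok"}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")

def make_value(scheme, password, salt=b""):
    """Build a constructed sample value: {SCHEME}base64(digest || salt)."""
    algo = hashlib.sha512 if scheme == "SSHA512" else hashlib.sha1
    digest = algo(password + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def classify(stored):
    """Return (scheme, status) for one userPassword value."""
    m = SCHEME_RE.match(stored)
    if not m:
        return (None, "no-scheme-prefix")
    scheme = m.group(1).upper()
    return (scheme, STATUS.get(scheme, "review"))

def audit_ldif(ldif_text):
    """Map each entry DN to the classification of its userPassword."""
    results, dn = {}, None
    for line in ldif_text.replace("\n ", "").splitlines():  # unfold LDIF
        key = line.lower()
        if key.startswith("dn:"):
            dn = line[3:].strip()
        elif key.startswith("userpassword::"):  # whole value is base64-wrapped
            raw = base64.b64decode(line.split("::", 1)[1].strip())
            results[dn] = classify(raw.decode("utf-8", "replace"))
        elif key.startswith("userpassword:"):
            results[dn] = classify(line.split(":", 1)[1].strip())
    return results

# Constructed sample export: one pre-upgrade entry, one post-upgrade entry.
_bob = make_value("SSHA512", b"new-password", b"constructed-salt")
SAMPLE_LDIF = (
    "dn: cn=alice,o=example\n"
    "userPassword: " + make_value("SHA", b"old-password") + "\n\n"
    "dn: cn=bob,o=example\n"
    "userPassword:: " + base64.b64encode(_bob.encode()).decode() + "\n"
)

if __name__ == "__main__":
    for dn, (scheme, status) in audit_ldif(SAMPLE_LDIF).items():
        print(dn, scheme, status)
```

Entries reported as `legacy-sha1` are candidates for a password change, which causes the value to be stored again under the current scheme.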

More information:

DXmodify Tool—Add New or Changed Information to a Directory

set password-storage Command