Choose an Encryption Method for Passwords Stored in a DSA

User accounts are entries in the directory with the userPassword attribute.

By default, the passwords stored in the userPassword attribute are encrypted using SHA-1.

However, you can use a different encryption scheme to encrypt these passwords. To do this, you need to create a password rule that specifies the encryption scheme. Each password is encrypted with the new scheme when it is next updated.

To choose an encryption method for passwords stored in a DSA

  1. Ensure that the DSA is running.
  2. Add the following command to the dsaname.dxc file:
    set password-storage = sha-1 | sha-512 | ssha-512 | md5 | smd5 | ssha-1 | crypt | none;
    
  3. Stop and start the DSA.

    Passwords that have already been encrypted are not updated automatically. The next time that a password is updated, it is encrypted using the new scheme.
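
As an added example (not part of the product documentation), the following Python check audits the contents of a dsaname.dxc file for the password-storage command from the procedure above, including the case where the command is absent and the SHA-1 default applies. The approved-scheme policy, the `#` comment handling, the last-command-wins rule and the sample file contents are assumptions of this example.

```python
import re

# Values accepted by "set password-storage", as listed on this page.
SCHEMES = {"sha-1", "sha-512", "ssha-512", "md5", "smd5", "ssha-1", "crypt", "none"}
# Assumed policy for this example (not from the product documentation):
# only ssha-512 passes; every other value is reported.
APPROVED = {"ssha-512"}
DEFAULT = "sha-1"  # the page states SHA-1 is used by default

SET_RE = re.compile(r"set\s+password-storage\s*=\s*([^;]*);", re.IGNORECASE)

def audit_dxc(text):
    """Return (effective_scheme, findings) for the contents of one .dxc file."""
    # Assumption: '#' starts a comment that runs to the end of the line.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    values = [m.group(1).strip().lower() for m in SET_RE.finditer(body)]
    findings = []
    if not values:
        findings.append(f"no password-storage command: default {DEFAULT} applies")
        effective = DEFAULT
    else:
        if len(values) > 1:
            findings.append(f"{len(values)} password-storage commands: {values}")
        effective = values[-1]  # assumption: the last command wins
    if effective not in SCHEMES:
        # Catches, for example, the syntax line pasted with its '|' choices.
        findings.append(f"unrecognised value {effective!r}")
    elif effective == "none":
        findings.append("password-storage is none: no encryption scheme is applied")
    elif effective not in APPROVED:
        findings.append(f"{effective} is outside the approved set {sorted(APPROVED)}")
    return effective, findings

# Constructed sample file contents, not taken from a real DSA.
SAMPLES = {
    "hardened.dxc": "# constructed\nset password-storage = ssha-512;\n",
    "legacy.dxc": "set password-storage = md5;\n",
    "unset.dxc": "# set password-storage = ssha-512;\n",
    "pasted.dxc": "set password-storage = sha-1 | sha-512;\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        scheme, findings = audit_dxc(text)
        print(name, scheme, findings or "OK")
```

A clean result only describes the configuration: as the note above says, stored passwords keep their old scheme until they are next updated.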

More information:

DXmodify Tool—Add New or Changed Information to a Directory