slappw-argon2(5) - Man pages

dwww Home | Manual pages | Find package
SLAPPW-ARGON2(5)              File Formats Manual              SLAPPW-ARGON2(5)

NAME
       slappw-argon2 - Argon2 password module to slapd

SYNOPSIS
       /etc/ldap/slapd.conf

              moduleload argon2 [<parameters>]

DESCRIPTION
       The  argon2  module  to slapd(8) provides support for the use of the key
       derivation function Argon2, that was selected as the winner of the Pass-
       word Hashing Competition in July 2015, in hashed passwords in OpenLDAP.

       It does so by providing the additional password scheme {ARGON2} for  use
       in slapd.

CONFIGURATION
       The argon2 module does not need any configuration, but it can be config-
       ured by giving the following parameters:

       m=<memory>
              Set memory usage to <memory> kiB.

       p=<parallelism>
              Set  parallelism  to  <parallelism>  threads. Currently supported
              only when linked with libargon2.

       t=<iterations>
              Set the number of iterations to <iterations>.

       These replace defaults when preparing hashes  for  new  passwords  where
       possible.

       After  loading  the  module, the password scheme {ARGON2} will be recog-
       nised in values of the userPassword attribute.

       You can then instruct OpenLDAP to use this scheme  when  processing  the
       LDAPv3 Password Modify (RFC 3062) extended operations by using the pass-
       word-hash option in slapd.conf(5):

              password-hash {ARGON2}

   NOTES
       If  you want to use the scheme described here with slappasswd(8), remem-
       ber to load the module using its command line options.  The relevant op-
       tion/value is:

              -o module-load=argon2

       Or if non-default parameters are required:

              -o module-load="argon2 [<param>...]"

       Depending on argon2's location, you may also need:

              -o module-path=pathspec

EXAMPLES
       Both userPassword LDAP attributes below encode the password 'secret' us-
       ing different salts:

       userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng

       userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFlaGOO4DUmPDgrlUbgMMuO9T1+vQCFuyzw

SEE ALSO
       slapd.conf(5), ldappasswd(1), slappasswd(8), ldap(3),

       ]8;;http://www.OpenLDAP.org/doc/\"OpenLDAP Administrator's Guide"]8;;\

ACKNOWLEDGEMENTS
       This manual page has been written by Peter Marschall based on  the  mod-
       ule's README file written by ]8;;mailto:simon@levermann.de\Simon Levermann]8;;\.

       OpenLDAP  is developed and maintained by ]8;;http://www.openldap.org/\The OpenLDAP Project]8;;\.  OpenLDAP
       is derived from University of Michigan LDAP 3.3 Release.

OpenLDAP 2.6.10+dfsg-1             2025/05/22                  SLAPPW-ARGON2(5)
Generated by dwww version 1.16 on Tue Dec 16 07:30:45 CET 2025.