Commit 997ff449 authored by Peter Marschall's avatar Peter Marschall Committed by Quanah Gibson-Mount
Browse files

ITS#9203 contrib/passwd/argon2: add manual page



Add manual page slapd-pw-argon2.5 and make sure it gets installed.
Signed-off-by: default avatarPeter Marschall <peter@adpm.de>
parent b643f7fc
...@@ -7,6 +7,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \ ...@@ -7,6 +7,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
$(LDAP_BUILD)/libraries/liblber/liblber.la $(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc CC = gcc
OPT = -g -O2 -Wall OPT = -g -O2 -Wall
#DEFS = -DSLAPD_ARGON2_DEBUG #DEFS = -DSLAPD_ARGON2_DEBUG
...@@ -27,6 +28,7 @@ $(error Unsupported implementation $(implementation)) ...@@ -27,6 +28,7 @@ $(error Unsupported implementation $(implementation))
endif endif
PROGRAMS = pw-argon2.la PROGRAMS = pw-argon2.la
MANPAGES = slapd-pw-argon2.5
LTVER = 0:0:0 LTVER = 0:0:0
#prefix=/usr/local #prefix=/usr/local
...@@ -38,6 +40,8 @@ ldap_subdir=/openldap ...@@ -38,6 +40,8 @@ ldap_subdir=/openldap
libdir=$(exec_prefix)/lib libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir) moduledir = $(libexecdir)$(ldap_subdir)
mandir = $(exec_prefix)/share/man
man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo .SUFFIXES: .c .o .lo
...@@ -53,8 +57,16 @@ pw-argon2.la: pw-argon2.lo ...@@ -53,8 +57,16 @@ pw-argon2.la: pw-argon2.lo
clean: clean:
rm -rf *.o *.lo *.la .libs rm -rf *.o *.lo *.la .libs
install: $(PROGRAMS) install: install-lib install-man FORCE
install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir) mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \ for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \ $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done done
install-man: $(MANPAGES)
mkdir -p $(DESTDIR)$(man5dir)
$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
FORCE:
.TH SLAPD-PW-ARGON2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2020 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapd-pw-argon2 \- Argon2 password module to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.RS
.LP
.B moduleload pw-argon2
.RI [ <parameters> ]
.RE
.SH DESCRIPTION
.LP
The
.B pw-argon2
module to
.BR slapd (8)
provides support for the use of the key derivation function Argon2,
that was selected as the winner of the Password Hashing Competition in July 2015,
in hashed passwords in OpenLDAP.
.LP
It does so by providing the additional password scheme
.B {ARGON2}
for use in slapd.
.SH CONFIGURATION
The
.B pw-argon2
module does not need any configuration,
but it can be configured by giving the following parameters:
.TP
.BI m= <memory>
Set memory usage to
.I <memory>
kiB.
If not given, it defaults to
.BR 4096 .
.TP
.BI p= <parallelism>
Set parallelism to
.I <parallelism>
threads.
If not given, it defaults to
.BR 1 .
.TP
.BI t= <iterations>
Set the number of iterations to
.IR <iterations> .
If not given, it defaults to
.BR 3 .
.LP
After loading the module, the password scheme
.B {ARGON2}
will be recognised in values of the
.I userPassword
attribute.
.LP
You can then instruct OpenLDAP to use this scheme when processing
the LDAPv3 Password Modify (RFC 3062) extended operations by using the
.BR password-hash
option in
.BR slapd.conf (5):
.RS
.LP
.B password\-hash {ARGON2}
.RE
.LP
.SS NOTES
If you want to use the scheme described here with
.BR slappasswd (8),
remember to load the module using its command line options.
The relevant option/value is:
.RS
.LP
.B \-o
.BR module\-load = pw-argon2
.LP
.RE
Depending on
.BR pw-argon2 's
location, you may also need:
.RS
.LP
.B \-o
.BR module\-path = \fIpathspec\fP
.RE
.SH EXAMPLES
Both userPassword LDAP attributes below encode the password
.RI ' secret '
using different salts:
.EX
.LP
userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng
.LP
userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$qOCkx9nMeFlaGOO4DUmPDgrlUbgMMuO9T1+vQCFuyzw
.EE
.SH SEE ALSO
.BR slapd.conf (5),
.BR ldappasswd (1),
.BR slappasswd (8),
.BR ldap (3),
.LP
.UR http://www.OpenLDAP.org/doc/
"OpenLDAP Administrator's Guide"
.UE
.LP
.SH ACKNOWLEDGEMENTS
This manual page has been written by Peter Marschall based on the
module's README file written by
.MT simon@levermann.de
Simon Levermann
.ME .
.LP
.B OpenLDAP
is developed and maintained by
.UR http://www.openldap.org/
The OpenLDAP Project
.UE .
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment