Bug 1436973

Summary: [DS 10.1.1] PBKDF2_SHA256 password storage scheme
Product: Red Hat Directory Server Reporter: Marc Muehlfeld <mmuehlfe>
Component: Doc-release-notesAssignee: Marc Muehlfeld <mmuehlfe>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: unspecified Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: unspecified    
Version: 10.1CC: mreynolds, pasik, rhel-docs, rkratky
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Directory Server now supports the *PBKDF2_SHA256* password storage scheme To increase security, this update adds the 256-bit password-based key derivation function 2 (PBKDF2_SHA256) to the list of supported password-storage schemes in Directory Server. The scheme uses 30,000 iterations to apply the 256-bit secure hash algorithm (SHA256). Note that the network security service (NSS) database in Red Hat Enterprise Linux prior to version 7.4 does not support PBKDF2. Therefore, you cannot use this password scheme in a replication topology with previous Directory Server versions.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 08:07:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1425467    

Description Marc Muehlfeld 2017-03-29 07:09:06 UTC 
Red Hat Directory Server 10.1.1 adds PBKDF2_SHA256 to the list of supported password storage schemes.

Upstream ticket:
https://pagure.io/389-ds-base/issue/397

This ticket is to document the release note for this feature.
Comment 5 Robert Krátký 2017-04-24 10:10:37 UTC 
RN text nitpick fixes.
Comment 7 Marc Muehlfeld 2017-08-01 08:07:26 UTC 
The update is now available on the Customer Portal.