<?xml version="1.0" encoding="UTF-8"?>
<!--
! CCPL HEADER START
!
! This work is licensed under the Creative Commons
! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
! To view a copy of this license, visit
! or send a letter to Creative Commons, 444 Castro Street,
! Suite 900, Mountain View, California, 94041, USA.
!
! You can also obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! If applicable, add the following below this CCPL HEADER, with the fields
! enclosed by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CCPL HEADER END
!
! Copyright 2011-2012 ForgeRock AS
! Portions Copyright 2013 Jens Elkner
!
-->
version="5.0" xml:lang="en"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://docbook.org/ns/docbook http://docbook.org/xml/5.0/xsd/docbook.xsd"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refmeta>
<refentrytitle><application>encode-password</application></refentrytitle>
</refmeta>
<refnamediv>
<refname><application>encode-password</application></refname>
<refpurpose>encode a password with an OpenDJ storage scheme</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>encode-password</command>
<arg>-a</arg>
<arg>-c <replaceable class="parameter">clearPw</replaceable></arg>
<arg>-e <replaceable class="parameter">encPw</replaceable></arg>
<arg>-E <replaceable class="parameter">encPwFile</replaceable></arg>
<arg>-f <replaceable class="parameter">clearPwFile</replaceable></arg>
<arg>-i</arg>
<arg>-l</arg>
<arg>-r</arg>
<arg>-s <replaceable class="parameter">scheme</replaceable></arg>
xpointer='xpointer(//para[@name="s-general"]/*)'/>
</cmdsynopsis>
</refsynopsisdiv>
<refsection>
<title>Description</title>
<para>
This utility can be used to encode user passwords with a specified storage
scheme, or to determine whether a given clear-text value matches a provided
encoded password.
</para>
</refsection>
<refsection>
<title>Options</title>
<para>
The following global options are supported.
</para>
<variablelist>
<varlistentry>
<term><option>-a, --authPasswordSyntax</option></term>
<listitem>
<para>
Use the authentication password syntax rather than the user password syntax.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-c, --clearPassword</option> <replaceable
class="parameter">password</replaceable></term>
<listitem>
<para>
Clear-text password to encode or to compare against an encoded password.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-e, --encodedPassword</option> <replaceable
class="parameter">password</replaceable></term>
<listitem>
<para>
Encoded password to compare against the clear-text password.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-E, --encodedPasswordFile</option> <replaceable
class="parameter">file</replaceable></term>
<listitem>
<para>
File which contains the encoded password.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-f, --clearPasswordFile</option> <replaceable
class="parameter">file</replaceable></term>
<listitem>
<para>
File which contains the clear-text password.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-i, --interactivePassword</option></term>
<listitem>
<para>
The password to encode or to compare against an encoded password is
interactively asked to the user.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-l, --listSchemes</option></term>
<listitem>
<para>
List available password storage schemes.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-r, --useCompareResultCode</option></term>
<listitem>
<para>
Use the LDAP compare result as an exit code for the password comparison.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-s, --storageScheme</option> <replaceable
class="parameter">scheme</replaceable></term>
<listitem>
<para>
Scheme to use for the encoded password.
</para>
</listitem>
</varlistentry>
xpointer='xpointer(//para[@name="l-general"]/*)'/>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<informalexample>
<para>
The following example encodes a password, and also shows comparison of a
password with the encoded value.
</para>
<literallayout
><prompt>$ </prompt><command>encode-password -l</command></literallayout>
<screen>
3DES
AES
BASE64
BLOWFISH
CLEAR
CRYPT
MD5
RC4
SHA
SMD5
SSHA
SSHA256
SSHA384
SSHA512
</screen>
<literallayout><prompt
>$ </prompt><command>encode-password -c secret12 -s CRYPT</command></literallayout>
<screen>
Encoded Password: "{CRYPT}ZulJ6Dy3TFnrE"
</screen>
<literallayout><prompt
>$ </prompt><command>encode-password -c secret12 -s CRYPT \
-e "{CRYPT}ZulJ6Dy3TFnrE" -r</command></literallayout>
<screen>
The provided clear-text and encoded passwords match
</screen>
<literallayout><prompt
>$ </prompt><command>echo $?</command></literallayout>
<screen>
6
</screen>
</informalexample>
</refsection>
<refsection>
<title>Exit Codes</title>
<variablelist>
<varlistentry>
<term><errorcode>0</errorcode></term>
<listitem>
<para>
The command completed successfully.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><errorcode>5</errorcode></term>
<listitem>
<para>
The <option>-r</option> option was used, and the compare did not match.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><errorcode>6</errorcode></term>
<listitem>
<para>
The <option>-r</option> option was used, and the compare did match.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><errorcode>other</errorcode></term>
<listitem>
<para>
An error occurred.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
</refentry>