Configuring the user password hash algorithm

About this task

Configure the algorithm to hash user passwords OpsCenter authentication. The default algorithm is bcrypt+blake2b-512.

Available password_hash_type options include:

  • bcrypt+blake2b-512

  • pbkdf2+blake2b-512

  • pbkdf2+sha512

  • pbkdf2+sha3-256

  • bcrypt+sha512

Procedure

  1. Locate the opscenterd.conf file. The location of this file depends on the type of installation:

    • Package installations: /etc/opscenter/opscenterd.conf

    • Tarball installations: install_location/conf/opscenterd.conf

  2. Open the opscenterd.conf file for editing.

    Set password_hash_type to the desired hashing option in the [authentication] section.

    [authentication]
    password_hash_type = pbkdf2+sha3-256
  3. Restart OpsCenter.

  4. Instruct users to log in again so that OpsCenter can rehash and restore the user passwords. Because password hash algorithms are one-way functions that cannot be reversed, logging in again is necessary to update previously hashed user passwords.