Configuring the user password hash algorithm

Configure the algorithm to hash user passwords for OpsCenter authentication.

Configure the algorithm to hash user passwords OpsCenter authentication. The default as of OpsCenter 6.0 is bcrypt+blake2b-512. Earlier versions of OpsCenter used sha256. OpsCenter versions prior to 6.0 are automatically migrated to the new default bcrypt+blake2b-512 for increased password protection.

Available password_hash_type options include:
  • bcrypt+blake2b-512
  • pbkdf2+blake2b-512
  • pbkdf2+sha512
  • pbkdf2+sha3-256
  • bcrypt+sha512

opscenterd.conf

The location of the opscenterd.conf file depends on the type of installation:
  • Package installations: /etc/opscenter/opscenterd.conf
  • Tarball installations: install_location/conf/opscenterd.conf

Procedure

  1. Open the opscenterd.conf file for editing.

    Set password_hash_type to the desired hashing option in the [authentication] section.

    [authentication] 
    password_hash_type = pbkdf2+sha3-256
  2. Restart OpsCenter.
  3. Instruct users to log in again so that OpsCenter can rehash and restore the user passwords. Because password hash algorithms are one-way functions that cannot be reversed, logging in again is necessary to update previously hashed user passwords.