Configuring the user password hash algorithm

Configure the algorithm to hash user passwords for OpsCenter authentication.

Configure the algorithm to hash user passwords OpsCenter authentication. The default algorithm is bcrypt+blake2b-512. Earlier versions of OpsCenter used sha256. OpsCenter versions prior to 6.0 are automatically migrated to the new default bcrypt+blake2b-512 for increased password protection.

Available password_hash_type options include:
  • bcrypt+blake2b-512
  • pbkdf2+blake2b-512
  • pbkdf2+sha512
  • pbkdf2+sha3-256
  • bcrypt+sha512

opscenterd.conf

The location of the opscenterd.conf file depends on the type of installation:
  • Package installations: /etc/opscenter/opscenterd.conf
  • Tarball installations: install_location/conf/opscenterd.conf

Procedure

  1. Open the opscenterd.conf file for editing.

    Set password_hash_type to the desired hashing option in the [authentication] section.

    [authentication] 
password_hash_type = pbkdf2+sha3-256
  2. Restart OpsCenter.
  3. Instruct users to log in again so that OpsCenter can rehash and restore the user passwords. Because password hash algorithms are one-way functions that cannot be reversed, logging in again is necessary to update previously hashed user passwords.