Server Configuration > Post Install Server Security > Choosing Your Security Policy > Additional Configuration for MKS Domain Security Scheme
Additional Configuration for MKS Domain Security Scheme
For enhanced security, user passwords in MKS Domain are stored in a hashed format. The following table lists the configurable properties for the MKS Domain security scheme. Using these properties, you can configure security of the hashed passwords to the desired level. Add the properties to the is.properties file before server startup. If you type any invalid values, the server does not start and an appropriate error message is logged in the server log.
* 
You must configure these values before the server starts. If you modify any value after server startup, authentication errors for existing MKS Domain users may occur. Correcting the authentication errors may require database-related changes, re-creation and change of password operations for the affected users.
Property
Description
Valid Values
mksis.mksdomain.hashingAlgorithm
Hashing algorithm used for generating the password hash
Specify any one of the following values:
PBKDF2WithHmacSHA1
PBKDF2WithHmacSHA224
PBKDF2WithHmacSHA256
PBKDF2WithHmacSHA384
PBKDF2WithHmacSHA512
If no value is specified, the default hashing algorithm used is PBKDF2WithHmacSHA512.
mksis.mksdomain.hashLengthBytes
Length of the hash to be generated (in bytes)
Specify a value between 16 and 256.
If no value is specified, the default length of the hash is 64 bytes.
mksis.mksdomain.saltLengthBytes
Length of the salt value used for password hashing (in bytes)
Specify a value between 16 and 256.
If no value is specified, the default length of the salt value is 64 bytes.
mksis.mksdomain.iterations
Number of iterations used by the hashing algorithm to generate the hash
Specify a value greater than 1000.
If no value is specified, the default number of iterations is 100000.
Was this helpful?