For security, user passwords are never stored in clear text: they are hashed (a one-way transformation, not reversible encryption) before being written to the database. When a user logs in, they supply the password in clear text; the server encodes it with the same algorithm and the same encoder class and compares the result with the stored value. If the two match, the user is authenticated. Because only the hash is stored, the encoder and algorithm used at login must be the ones that produced the stored value, otherwise no password will ever match.
As of eXo Platform 4.3, the encoder and the algorithm can be configured via exo.properties.
See Configuration overview if you have not created this file yet.
Most administrators will have no reason to change the default encoder and algorithm. If you upgrade from a version older than 4.3, however, be aware that both defaults have changed. The password hashes already in your database were produced by the old encoder and algorithm, so unless you configure the old values back, existing users will not be able to log in. Keep in mind that the old default is an unsalted MD5 hash, which is much weaker than the salted SHA-256 used since 4.3: reverting keeps the upgraded installation working, but it does not strengthen the stored hashes.
Before 4.3, the defaults were:
Encoder class: org.picketlink.idm.impl.credential.HashingEncoder
Algorithm: MD5
As of 4.3, the defaults are:
Encoder class: org.picketlink.idm.impl.credential.DatabaseReadingSaltEncoder
Algorithm: SHA-256
To change the defaults in 4.3 back to the old ones, edit exo.properties to have:
exo.plidm.password.class=org.picketlink.idm.impl.credential.HashingEncoder
exo.plidm.password.hash=MD5
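The following is an added, self-contained example (not eXo Platform or PicketLink code) that models the verification flow described above and shows why the upgrade caveat matters. It hashes a password the way the two defaults do in outline (unsalted MD5 versus SHA-256 over a per-user random salt) and then verifies a login under a given configured algorithm. The record layout, the salt length and the "salt prepended to password" input order are assumptions made for illustration; the page does not document PicketLink's real storage format.

```python
import hashlib
import hmac
import os
from typing import Optional


def hash_md5(password: str) -> str:
    """Unsalted MD5 hex digest: the shape of the pre-4.3 default."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_salted_sha256(password: str, salt: bytes) -> str:
    """SHA-256 over salt || password (assumed input order, for illustration only)."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def store_password(password: str, algorithm: str, salt: Optional[bytes] = None) -> dict:
    """Build the record an account would hold under the given default.

    The dict layout (algorithm / salt / hash) is constructed for this example;
    it is not the real eXo or PicketLink table layout.
    """
    if algorithm == "MD5":
        return {"algorithm": "MD5", "salt": None, "hash": hash_md5(password)}
    if algorithm == "SHA-256":
        salt = salt if salt is not None else os.urandom(16)  # 16-byte salt is an assumption
        return {"algorithm": "SHA-256", "salt": salt.hex(), "hash": hash_salted_sha256(password, salt)}
    raise ValueError(f"unsupported algorithm: {algorithm}")


def verify_password(record: dict, password: str, configured_algorithm: str) -> bool:
    """Encode the clear-text login password with the *configured* algorithm and compare.

    This mirrors the page's description: the server does not look at how the stored
    value was produced, it re-encodes with whatever exo.properties currently says.
    """
    if configured_algorithm == "MD5":
        candidate = hash_md5(password)
    elif configured_algorithm == "SHA-256":
        if record["salt"] is None:
            # A legacy unsalted record has no salt to feed the salted scheme, so
            # verification can never succeed: this is the "old users cannot log in" case.
            return False
        candidate = hash_salted_sha256(password, bytes.fromhex(record["salt"]))
    else:
        raise ValueError(f"unsupported algorithm: {configured_algorithm}")
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


def upgrade_scenario(password: str = "correct horse battery") -> dict:
    """A user created before 4.3 (MD5 record) tries to log in under both configurations."""
    legacy_record = store_password(password, "MD5")
    return {
        "legacy_verifies_under_md5": verify_password(legacy_record, password, "MD5"),
        "legacy_verifies_under_sha256": verify_password(legacy_record, password, "SHA-256"),
        "wrong_password_rejected": verify_password(legacy_record, "not the password", "MD5"),
    }


def salt_effect(password: str = "shared-secret") -> dict:
    """Two accounts with the same password: identical under MD5, distinct under salted SHA-256."""
    md5_a, md5_b = store_password(password, "MD5"), store_password(password, "MD5")
    sha_a, sha_b = store_password(password, "SHA-256"), store_password(password, "SHA-256")
    return {
        "md5_records_identical": md5_a["hash"] == md5_b["hash"],
        "sha256_records_identical": sha_a["hash"] == sha_b["hash"],
        "sha256_both_verify": verify_password(sha_a, password, "SHA-256")
        and verify_password(sha_b, password, "SHA-256"),
    }


if __name__ == "__main__":
    print(upgrade_scenario())
    print(salt_effect())
```

The `legacy_verifies_under_sha256` result is the failure mode the upgrade note warns about: a pre-4.3 hash has no salt and was not produced by SHA-256, so under the new defaults every login attempt for that account fails until exo.properties is pointed back at HashingEncoder and MD5. The `salt_effect` result shows what reverting gives up: with unsalted MD5, users sharing a password share a hash, and a single precomputed table cracks all of them at once.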