DOC-4964 RS: Added change password hashing algorithm page under set password policies section and updated the password hashing note on the index page

rrelledge · rrelledge · commit e0bff6b22218 · 2025-03-19T14:36:38.000-05:00
diff --git a/content/operate/rs/security/access-control/manage-passwords/_index.md b/content/operate/rs/security/access-control/manage-passwords/_index.md
@@ -25,5 +25,5 @@ You can also manage a user's ability to [sign in]({{< relref "/operate/rs/securi
 To enforce more advanced password policies, we recommend using [LDAP integration]({{< relref "/operate/rs/security/access-control/ldap" >}}) with an external identity provider, such as Active Directory.
 
 {{<note>}}
-Redis Enterprise Software stores all user passwords using the SHA-256 cryptographic hash function.
+Redis Enterprise Software securely stores all user passwords using a cryptographic hash function. The default password hashing algorithm is `SHA-256`, but you can [change the password hashing algorithm]({{<relref "/operate/rs/security/access-control/manage-passwords/password-hashing-algorithm">}}) to `PBKDF2` as of Redis Enterprise Software version 7.8.6-13.
 {{</note>}}
diff --git a/content/operate/rs/security/access-control/manage-passwords/password-hashing-algorithm.md b/content/operate/rs/security/access-control/manage-passwords/password-hashing-algorithm.md
@@ -0,0 +1,33 @@
+---
+Title: Change the password hashing algorithm
+alwaysopen: false
+categories:
+- docs
+- operate
+- rs
+description: Change the password hashing algorithm for user passwords in a Redis Enterprise Software cluster.
+linkTitle: Password hashing algorithm
+toc: 'true'
+weight: 95
+---
+
+Redis Enterprise Software securely stores all user passwords using a cryptographic hash function. The default password hashing algorithm is `SHA-256`, but `PBKDF2` is also supported as of Redis Enterprise Software version 7.8.6-13.
+
+You can change the password hashing algorithm using [`rladmin`]({{<relref "/operate/rs/references/cli-utilities/rladmin">}}) or the [REST API]({{<relref "/operate/rs/references/rest-api">}}). When you change the password hashing algorithm, the cluster rehashes the administrator password and passwords for all users, including default users.
+
+## Command-line method
+
+To change the password hashing algorithm from the command line, run [`rladmin cluster change_password_hashing_algorithm`]({{<relref "/operate/rs/references/cli-utilities/rladmin/cluster/change_password_hashing_algorithm">}}):
+
+```sh
+rladmin cluster change_password_hashing_algorithm PBKDF2
+```
+
+## REST API method
+
+You can [change the password hashing algorithm]({{<relref "/operate/rs/references/rest-api/requests/cluster/change_password_hashing_algorithm#patch-change-password-hashing-algorithm">}}) using a REST API request:
+
+```sh
+PATCH /v1/cluster/change_password_hashing_algorithm
+{ "algorithm": "PBKDF2" }
+```
