The sha-256-digest-string type automatically computes a SHA-256
digest for a value adhering to this type.
A value of this type matches one of the forms:
$0$<clear text password>
$5$<salt>$<password hash>
$5$rounds=<number>$<salt>$<password hash>
The '$0$' prefix signals that this is plain text. When a plain
text value is received by the server, a SHA-256 digest is
calculated, and the string '$5$<salt>$' is prepended to the
result, where <salt> is a random 16 character salt used to
generate the digest. This value is stored in the configuration
data store. The algorithm can be tuned via the
/confdConfig/cryptHash/rounds parameter, which if set to a number
other than the default will cause '$5$rounds=<number>$<salt>$' to
be prepended instead of only '$5$<salt>$'.
If a value starting with '$5$' is received, the server
knows that the value already represents a SHA-256 digest, and
stores it as is in the data store.
If a default value is specified, it must have a '$5$' prefix.
The digest algorithm used is the same as the SHA-256 crypt function
used for encrypting passwords for various UNIX systems, see e.g.
http://www.akkadia.org/drepper/SHA-crypt.txt