useradd and crypt

[Bill Campbell]

On Wed, Oct 04, 2006, Michael Hipp wrote:
>David Bandel wrote:
>> On 10/3/06, Michael Hipp <Michael at hipp.com> wrote:
>> [snip]
>>> I get a different result on every run and none of them match what is in
>>> /etc/shadow for known passwords. Also tried --crypt-md5 with similar results.
>>> So how do you get it to match what passwd would produce so that the input to
>>> the useradd command would be correct for /etc/shadow?
>> 
>> <sigh>
>> You've obviously been playing with Windoze and kindergarten
>> cryptography for too long.
>> 
>>...
>> Trust me, the crypts are good.
>
><sigh>
>I wasn't questioning whether the crypts were "good". That is assumed. My 
>question - poorly asked - was which crypt is the "correct" one. In other 
>words, what options do I supply to crypt to get something that is appropriate 
>for the adduser command?

You need to supply the plain text password and salt characters.
See ``man 3 crypt'' for more information on the format of the
salt.  On Linux systems one can also used extended encryption
which is in the ``GNU EXTENSION'' section of the man pages.

The way a UNIX/Linux system verifies passwords is to pass the plain text
password and encrypted password to the crypt(3) routine which then encrypts
the plain text with the salt from the encrypted password, comparing the
result to the encrypted password.  They will only match if the plain text
is the same.

For DES enryption, you need to generate two random characters from the set
[a-zA-Z0-9./].  If you want crypt to generate an MD5-based algorithm, then
supply a salt in the format "$1$<string>$", where "<string>" stands for the
up to 8 characters from the same set of characters.

Bill
--
INTERNET:   bill at Celestial.COM  Bill Campbell; Celestial Systems, Inc.
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

``It's not what you pay a man but what he costs you that counts.''
    Will Rogers