useradd and crypt

Michael Hipp Michael
Wed Oct 4 17:36:08 PDT 2006 

Bill Campbell wrote:
> On Wed, Oct 04, 2006, Michael Hipp wrote:
>> David Bandel wrote:
>>> On 10/3/06, Michael Hipp <Michael at hipp.com> wrote:
>>> [snip]
>>>> I get a different result on every run and none of them match what is in
>>>> /etc/shadow for known passwords. Also tried --crypt-md5 with similar results.
>>>> So how do you get it to match what passwd would produce so that the input to
>>>> the useradd command would be correct for /etc/shadow?
>>> <sigh>
>>> You've obviously been playing with Windoze and kindergarten
>>> cryptography for too long.
>>>
>>> ...
>>> Trust me, the crypts are good.
>> <sigh>
>> I wasn't questioning whether the crypts were "good". That is assumed. My 
>> question - poorly asked - was which crypt is the "correct" one. In other 
>> words, what options do I supply to crypt to get something that is appropriate 
>> for the adduser command?
> 
> You need to supply the plain text password and salt characters.
> See ``man 3 crypt'' for more information on the format of the
> salt.  On Linux systems one can also used extended encryption
> which is in the ``GNU EXTENSION'' section of the man pages.
> 
> The way a UNIX/Linux system verifies passwords is to pass the plain text
> password and encrypted password to the crypt(3) routine which then encrypts
> the plain text with the salt from the encrypted password, comparing the
> result to the encrypted password.  They will only match if the plain text
> is the same.
> 
> For DES enryption, you need to generate two random characters from the set
> [a-zA-Z0-9./].  If you want crypt to generate an MD5-based algorithm, then
> supply a salt in the format "$1$<string>$", where "<string>" stands for the
> up to 8 characters from the same set of characters.

Apologies for being dense...

Looking at my /etc/shadow and /etc/pam.d/common-password it appears I'm using 
md5. So to generate a new password for the adduser command is it sufficient to 
do 'crypt --crypt-md5 --string abc123' or is there also some magic salt I'm 
supposed to come up with?

And for the record, they don't cover cryptography and ciphers in the 
kindergartens in Arkansas. They do use Windoze tho. ;-)

Michael

More information about the Linux-users mailing list