On 7.3.2019 14.00, Kristijan Savic - ratiokontakt GmbH wrote: >> You could configure default scheme as CRYPT. It covers these all. Otherwise >> you need to make sure passwords have {SCHEME} prefix when it differs from >> default or oddities occur. --- > Thank you for the tip with CRYPT. > > Is there any explanation for this behaviour though? > > Why are BCRYPT hashes accepted when default_pass_scheme is set to > SHA512-CRYPT > and not vice versa? Is this normal? > Because SHA512-CRYPT is directly sent to crypt(3) but BLF-CRYPT and CRYPT are ran thru something that checks if it starts with $2$ or not, as linux does not actually support bcrypt in crypt(3).
Aki
signature.asc
Description: OpenPGP digital signature