On Wed, Nov 12, 2003 at 01:23:35PM +0200, Oles Hnatkevych wrote: > /usr/bin/passwd does my passwords MD5 encrypted (accordingly to /etc/login.conf) > But /usr/sbin/adduser creates users with DES encrypted passwords. > How do I make it use MD5 instead of DES? Seems like it's perls crypt() > problem, and the DES is the default...
It's not the perl crypt() function, as that just mirrors the behaviour of the underlying libc crypt(3) function. Try these commands and you'll see how things work: Traditional DES: % perl -le 'print crypt("password", "xx")' Extended DES: % perl -le 'print crypt("password", "_xx")' Modular ($1$ => MD5) % perl -le 'print crypt("password", "\$1\$xx")' ie. The format of the salt supplied to crypt controls the algorithm used. You're right however that the adduser(8) command will always generate a DES encrypted password hash. Unfortunately it's programmed so that it can't do anything else -- plus it uses srand() on a combination of the PID, the date and some other data to seed the RNG, which used to be a reasonable idea, but now that we have /dev/random is much less so. Use 'pw useradd' command instead. See pw(8) -- this is a much more capable program for manipulating user and group accounts, and it doesn't suffer from the drawbacks you've noted. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Description: PGP signature