On Wed, Nov 12, 2003 at 01:23:35PM +0200, Oles Hnatkevych wrote:

> /usr/bin/passwd does my passwords MD5 encrypted (accordingly to /etc/login.conf)
> But /usr/sbin/adduser creates users with DES encrypted passwords.
> How do I make it use MD5 instead of DES? Seems like it's perls crypt()
> problem, and the DES is the default...

It's not the perl crypt() function, as that just mirrors the behaviour
of the underlying libc crypt(3) function.  Try these commands and
you'll see how things work:

Traditional DES:

    % perl -le 'print crypt("password", "xx")'

Extended DES:

    % perl -le 'print crypt("password", "_xx")'

Modular ($1$ => MD5)

    % perl -le 'print crypt("password", "\$1\$xx")'

ie. The format of the salt supplied to crypt controls the algorithm used.

You're right however that the adduser(8) command will always generate
a DES encrypted password hash.  Unfortunately it's programmed so that
it can't do anything else -- plus it uses srand() on a combination of
the PID, the date and some other data to seed the RNG, which used to
be a reasonable idea, but now that we have /dev/random is much less
so.

Use 'pw useradd' command instead.  See pw(8) -- this is a much more
capable program for manipulating user and group accounts, and it
doesn't suffer from the drawbacks you've noted.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to