Re: 6.2 and login.defs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, Dec 22, 2011 at 03:30:06AM -0800, John Doe wrote:
> Hi,
> 
> After the 6.2 upgrade, the new /etc/login.defs has:
> ? ENCRYPT_METHOD SHA512 instead of MD5Is it safe to just apply the change?
> Will my current MD5 passwords in /etc/passwd still work and only new passwords will be SHA512?
> Or are they automatically "converted" (rehashed) to SHA512?

If you look at "man 3 crypt" you'll see the same function is used to
generate all the different types of encryption; the difference is the
"salt" value.  When you try to login the system will see (based on your
shadow entry) what the current password is encrypted with and will use
the same salt to encrypt your typed-in password.

In this way the password file can contain traditional DES, MD5 and
SHA512 at the same time (for different users, obviously).  So "root"
could be SHA512, "fred" could be MD5 and "harry" could be DES, and
they'll all work.

login.defs merely defines how _new_ passwords are encrypted (when you run
the passwd command).

-- 

rgds
Stephen
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux