Re: EL7, grub-crypt?

Darod Zyree <darodzyree@xxxxxxxxx> · Thu, 28 Aug 2014 01:15:59 +0200

2014-08-28 0:51 GMT+02:00 David Goldsmith <dgoldsmith@xxxxxxxx>:

> On Aug 27, 2014, at 6:37 PM, Darod Zyree <darodzyree@xxxxxxxxx> wrote:
>
> > 2014-08-27 16:07 GMT+02:00 Baptiste Agasse <
> baptiste.agasse@xxxxxxxxxxxxxxxx
> >> :
> >
> >>
> >>
> >> ----- Mail original -----
> >>> Hi,
> >>>
> >>> Whats the new way of creating sha512 passwords in EL7?
> >>
> >>
> >>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-GRUB_2_Password_Protection.html#sec-Password_Encryption
> >>
> >>> In Centos6 I used grub-crypt but that does not exist anymore.
> >>> _______________________________________________
> >>> CentOS mailing list
> >>> CentOS@xxxxxxxxxx
> >>> http://lists.centos.org/mailman/listinfo/centos
> >>>
> >>
> >> --
> >> Baptiste AGASSE
> >> Lyra Network, Service Systèmes et Réseaux
> >> 109 Rue de l'innovation, 31670 Labège - France
> >> Tél: (+33)5.67.22.31.87
> >> Fax: (+33)5.67.22.31.61
> >> Mail: baptiste.agasse@xxxxxxxxxxxxxxxx
> >> Site: http://www.lyra-network.com
> >> _______________________________________________
> >> CentOS mailing list
> >> CentOS@xxxxxxxxxx
> >> http://lists.centos.org/mailman/listinfo/centos
> >>
> >
> > But this is for creating passwords for grub2, no?
> >
> > I was asking (altough might not have been clear enough) on how to get the
> > encrypted values for the shadow file entries.
> > grub-crypt used to be able to do that, returning with the encrypted value
> > of a given passphrase starting with $6$
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
>
>
> Its the default hash used on EL7 by the “passwd” command.
>
> [root@centos7 etc]# grep dgoldsmith /etc/shadow
> dgoldsmith:$6$IoGARIF2$44lyu/9VjFmGsOW (line truncated)
>
> [root@centos7 etc]# tail -3 /etc/login.defs
> # Use SHA512 to encrypt password.
> ENCRYPT_METHOD SHA512
>
> --
> David Goldsmith
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
>
Right, sha512 was default for rhel6 too.

Am I failing to understand something?

So, lets say I create a new user account, and it was that password (going
against all common password policies) to be "tree"
without using passwd how do i get the sha512 encrypted value of that
password "tree"
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos