- Maximum – maximum number of days a password is valid with 99999 as the default.
- Warning – number of days prior to password expiry that should be left for a user to receive a warning about it.
- Inactive – number of days after password expiry, following which the user will become disabled.
- Expire – date after which the user becomes disabled (number of days since ) with 7 as the default.

When editing /etc/shadow directly, it's best to use the -s switch to vipw, which locks /etc/shadow, similar to how visudo locks the /etc/sudoers file. Critically, vipw doesn't automatically check the syntax after any edits.

There are many password hashing algorithms. Which one /etc/shadow uses depends on several factors. Usually, the default algorithm can be read or defined via the ENCRYPT_METHOD variable of /etc/login.defs. Alternatively, we can use the pam_unix.so pluggable authentication module (PAM) and change the default hashing algorithm via /etc/pam.d/common-password.

Another consideration is the presence and version of glibc. In fact, crypt(), as the main password hashing function, leverages glibc. By default, it uses the insecure Data Encryption Standard (DES), but depending on the second argument, we can employ many others.

Essentially, the initial characters of the password field value in /etc/shadow identify the algorithm:

- `$5$` is 256-bit Secure Hash Algorithm (SHA-256).
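As an added example (not code from the original article), the following Python audits shadow-format lines: it reads the hash scheme from the password field's prefix, parses the aging fields, and reports malformed lines of the kind vipw would not catch. It goes beyond the `$5$` case in the text: the other prefixes are standard crypt(3) identifiers, the accept/reject policy is this example's assumption, and the sample entries are constructed with fake hash strings.

```python
# Added example. Only "$5$" is from the article; the other prefixes are standard
# crypt(3) ids and the acceptable (True/False) policy is this example's assumption.
PREFIXES = {
    "$1$": ("MD5", False), "$5$": ("SHA-256", True), "$6$": ("SHA-512", True),
    "$2a$": ("bcrypt", True), "$2b$": ("bcrypt", True), "$y$": ("yescrypt", True),
}
FIELDS = ("last_change", "minimum", "maximum", "warning", "inactive", "expire")

def classify(pw):
    """Return (scheme, acceptable) for the password field of one entry."""
    if pw == "":
        return ("empty password", False)
    if pw[0] in "!*":
        return ("locked", True)
    for prefix, result in PREFIXES.items():
        if pw.startswith(prefix):
            return result
    if len(pw) == 13 and "$" not in pw:  # traditional DES crypt output
        return ("DES", False)
    return ("unknown", False)

def parse_line(line):
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    scheme, ok = classify(parts[1])
    aging = {k: (int(v) if v else None) for k, v in zip(FIELDS, parts[2:8])}
    return {"user": parts[0], "scheme": scheme, "ok": ok, **aging}

def audit(text):
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            e = parse_line(line)
        except ValueError as exc:  # syntax errors left behind by a manual edit
            findings.append((n, "?", f"malformed: {exc}"))
            continue
        if not e["ok"]:
            findings.append((n, e["user"], f"weak or missing hash: {e['scheme']}"))
    return findings

# Constructed sample entries; the hash strings are fake placeholders.
SAMPLE = """\
alice:$5$saltsalt$FAKEHASHFAKEHASHFAKEHASH:19000:0:99999:7:::
bob:FAKEDESHASH01:19000:0:99999:7:::
dave:$1$saltsalt$FAKEHASH:19000:0:99999:7:::
eve:$5$saltsalt$FAKEHASH:19000:0:99999:7
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
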