LinuxQuestions.org


Timur Sakayev 06-07-2005 08:28 AM

Shadow file question
 
I'm a bit puzzled here.

I am trying to move accounts from Mandrake 10.1 to RH ES. As a part of the setup process of RH, I created an account for myself with the same password as on the M. Now, when I look at the shadow files of both machines, the hashes for my accounts are different. At the same time, when I recreated some of the other users on the RH and pasted the hashes from M's shadow file, I'm able to log in without a problem (at least via FTP). So why is it that in one scenario, when the password is the same, the hashes are different?

Thanks,

Tim

Berhanie 06-07-2005 09:43 AM

The salts are different. A password field looks something like this:
Code:

    $1$xxxxxxxx$yyyyyyyyyyyy

The "1" says that this is an MD5 hash, the string of 8 x's is the salt, and the remainder is the hashed password. The salt is used in hashing the password, so that if you used two different salts on the same password, you'd have two different hashes.

int0x80 06-07-2005 09:57 AM

As an addendum, you don't want a user to know if s/he has the same password as another user. By using different salts, you can allow multiple users to have the same password without having identical shadow entries.

Berhanie basically covered the technical aspects.

samael26 06-07-2005 10:05 AM

To check if an entered password matches, just apply the identical mathematical algorithm to it: if it matches, then the password is correct. This is how the login command works.

Sometimes you will see a * in place of a hashed password. This means the account has been disabled.

Source: Rute User's Tutorial and Exposition by Paul Sheer.
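
The salt and verification behaviour described in the replies above, as an added example that is not part of any post in this thread: a Python implementation of the `$1$` (MD5-crypt) scheme showing that one password gives different shadow fields under different salts, and that a check re-hashes with the salt stored in the field. The password and salts are constructed sample values, and the function names are chosen for this example.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    """Encode `count` 6-bit groups of `value`, least significant group first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5_crypt(password, salt):
    """Build the $1$ (MD5-crypt) shadow field for a password and salt."""
    pw, s = password.encode(), salt.encode()[:8]   # salt is at most 8 chars
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    for n in range(len(pw), 0, -16):               # mix in alt, len(pw) bytes
        ctx.update(alt[:min(n, 16)])
    i = len(pw)
    while i:                                       # one byte per bit of len(pw)
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for r in range(1000):                          # fixed stretching rounds
        h = hashlib.md5(pw if r & 1 else final)
        if r % 3:
            h.update(s)
        if r % 7:
            h.update(pw)
        h.update(final if r & 1 else pw)
        final = h.digest()
    order = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    body = "".join(_to64(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in order)
    return "$1$" + s.decode() + "$" + body + _to64(final[11], 2)

def verify(password, shadow_field):
    """Re-hash the candidate with the salt stored in the field, then compare."""
    parts = shadow_field.split("$")
    if len(parts) != 4 or parts[1] != "1":
        return False   # "*" or a non-$1$ field: no MD5-crypt hash to match here
    return hmac.compare_digest(md5_crypt(password, parts[2]), shadow_field)

if __name__ == "__main__":
    for salt in ("xxxxxxxx", "yyyyyyyy"):          # constructed sample salts
        field = md5_crypt("password", salt)        # constructed sample password
        print(field, verify("password", field))
```

Because the salt travels inside the field, a field copied to another machine still verifies there, which matches what the original poster saw when pasting hashes across.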

Timur Sakayev 06-07-2005 10:20 AM

:-)
 
Berhanie, GNUbie and samael26,

Thank you very much for the quick response. This wasn't a critical issue; I just don't like to leave something as "I don't get it, but since it is working, I don't bother figuring it out".

Thanks again!


All times are GMT -5.