Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,495
Rep:
missing fields in /etc/shadow
I am watching these videos with study material for the Linux+ exam. Instead of creating a new user with no password and then using the passwd command, he uses openssl passwd -crypt and then takes the hash that generates and gives it with the useradd -p option. Then the new line in /etc/shadow file is missing the encryption id and salt (i guess if none is given, it assumes not salted), so how will it know what encryption method to use?
from man 3 crypt:
Quote:
$id$salt$encrypted
And no where in there does it talk about omitting one or more of the fields.
This page and site may help http://www.openssl.org/docs/apps/passwd.html#.
Basically, he's creating an encrypted (hashed) passwd using the old Unix style crypt algo.
Also, no salt and no id.
The system will assume 'crypt' if no id is specified.
Obviously not very secure, but ok for demo purposes I guess.
There was also a limit that only the first 8 chars would be hashed, even if more were specified in the plaintext src passwd.(!)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.