passwd -S output

I read that passwd -S spits out information about a user’s password including the encryption algorithm used to encrypt the password in /etc/shadow. I ran the command but nothing about the algorithm is returned. Is this a quirk in openSUSE?

On another note, I’ve determined through other means that I’ve selected blowfish encryption as evidenced by the $2blah$2blahblah format of the /etc/shadow entry. However, if I look at /etc/default/passwd it lists CRYPT=md5. If I’m using blowfish why would that variable be set to md5. Conversely, if it is set to md5 why is the blowfish algorithm being invoked?

  • theillien wrote, On 03/23/2010 07:46 PM:
    > I read that -passwd -S- spits out information about a user’s password
    > including the encryption algorithm used to encrypt the password in
    > /etc/shadow. I ran the command but nothing about the algorithm is
    > returned. Is this a quirk in openSUSE?

The manpage for passwd doesn’t say it spits out information about the encryption method, so where did you read this?

> On another note, I’ve determined through other means that I’ve selected
> blowfish encryption as evidenced by the $2blah$2blahblah format of the
> /etc/shadow entry. However, if I look at /etc/default/passwd it lists
> CRYPT=md5. If I’m using blowfish why would that variable be set to md5.
> Conversely, if it is set to md5 why is the blowfish algorithm being
> invoked?

That file sets the default. If you used a different method explicitly for your user, the default for new users still stays the same.

Uwe

passwd encryption - Linux Forums
The LPIC-1 book I’m reading.

> On another note, I’ve determined through other means that I’ve selected
> blowfish encryption as evidenced by the $2blah$2blahblah format of the
> /etc/shadow entry. However, if I look at /etc/default/passwd it lists
> CRYPT=md5. If I’m using blowfish why would that variable be set to md5.
> Conversely, if it is set to md5 why is the blowfish algorithm being
> invoked?

That file sets the default. If you used a different method explicitly for your user, the default for new users still stays the same.

Uwe

I created a user test with defaults in /etc/login.defs. I then ran passwd test as root. The resulting hash was blowfish as opposed to md5 as listed in /etc/defaults/passwd.

  • theillien wrote, On 03/23/2010 08:26 PM:

> ‘passwd encryption - Linux Forums’
> (http://www.linuxforums.org/forum/misc/29260-passwd-encryption.html)
> The LPIC-1 book I’m reading.

The link dates back to 2005, so maybe that changed in the meantime. In doubt, I trust the manpage :slight_smile:

> I created a user test with defaults in /etc/login.defs. I then ran
> -passwd test- as root. The resulting hash was blowfish as opposed to md5
> as listed in /etc/defaults/passwd.

That’s interesting. I found another setting in /etc/default/passwd, maybe that’s what’s being used, actually. If you play with that, let us know about the result.

Uwe

If you read the comments in /etc/default/passwd again there are various settings, a default one, one that applies to files (/etc/shadow) and one that applies to NIS.

Also note that if the shadow entry came from an old system, the password doesn’t get converted from one scheme to another (not possible anyway since it’s encrypted), but will get changed to the current scheme when the user changes the password.