[20160420]shadow文件格式口令加密.txt
$ man 5 shadow
SHADOW(5) File Formats and Conversions SHADOW(5)
NAME
shadow - encrypted password file
DESCRIPTION
shadow contains the encrypted password information for user's accounts and optional the password aging
information. Included is:
. login name
. encrypted password
. days since Jan 1, 1970 that password was last changed
. days before password may be changed
. days after which password must be changed
. days before password is to expire that user is warned
. days after password expires that account is disabled
. days since Jan 1, 1970 that account is disabled
. a reserved field
# cat /etc/shadow |grep oracle
oracle:$1$ZcwH7AWX$0BlZZRahwsQ4hLIEUTBN5.:16911:0:99999:7:::
--主要关注加密字段.
$1$ZcwH7AWX$0BlZZRahwsQ4hLIEUTBN5.
--以$作为分割,
--第1个字段表示:
$1 = MD5 hashing algorithm.
$2 =Blowfish Algorithm is in use.
$2a=eksblowfish Algorithm
$5 =SHA-256 Algorithm
$6 =SHA-512 Algorithm
--很明显这里使用MD5 hashing algorithm.
--第2个字段salt占8位:
ZcwH7AWX
--第3个字段就是口令的加密串=> password+slat的hash value.
0BlZZRahwsQ4hLIEUTBN5.
--我的测试口令是123456,测试看看:
$ openssl passwd -1 -salt ZcwH7AWX 123456
$1$ZcwH7AWX$0BlZZRahwsQ4hLIEUTBN5.
--正好对上!!
--实际上在安装的时候可以选择口令的加密算法.
# grep password /etc/pam.d/system-auth
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
# authconfig --test|grep hashing
password hashing algorithm is md5
# authconfig --passalgo=sha512 --update
# grep sha512 /etc/pam.d/system-auth
system-auth:password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
system-auth-ac:password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
--已经修改为sha512
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/267265/viewspace-2084794/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/267265/viewspace-2084794/
1462
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
