22 Dec
2011
22 Dec
'11
2:49 p.m.
From: Stephen Harris lists@spuddy.org
If you look at "man 3 crypt" you'll see the same function is used to generate all the different types of encryption; the difference is the "salt" value. When you try to login the system will see (based on your shadow entry) what the current password is encrypted with and will use the same salt to encrypt your typed-in password.
In this way the password file can contain traditional DES, MD5 and SHA512 at the same time (for different users, obviously). So "root" could be SHA512, "fred" could be MD5 and "harry" could be DES, and they'll all work.
login.defs merely defines how _new_ passwords are encrypted (when you run the passwd command).
Thanks for the info!
JD