Wednesday Feb 20, 2013

Generating a crypt_sha256 hash from the CLI

When doing a completely hands off Solaris installation the System Configuration profile needs to contain the hash for the root password, and the optional inital non root user.

Unfortunately Solaris doesn't currently provide a simple to use command for generating these hashes, but with a very simple bit of Python you can easily create them:

#!/usr/bin/python

import crypt, getpass, os, binascii

if __name__ == "__main__":
    cleartext = getpass.getpass()
    salt = '$5$' + binascii.b2a_base64(os.urandom(8)).rstrip() + '$'

    print crypt.crypt(cleartext, salt)



        
    

Tuesday Aug 12, 2008

What is the maximum password length for Solaris/OpenSolaris ?

I find I'm answering this question a lot on our internal support aliases. Simply out the maximum possible length is 255. However it actually depends on the algorithm that crypt(3C) is going to use. Starting in the second update release of Solaris 9 we made crypt(3C) pluggable.

Not all crypt(3C) plugins accept the full 255 chars as significant input. The documented limit for each of them is on the relevant man page but I'll summarise here:

  • crypt_unix(5) - the old unix default (8)
  • crypt_sunmd5(5) - S9u2 onwards - (255)
  • crypt_bsdmd5(5) - S9u2 onwards - (255)
  • crypt_bsdbf(5) - S9u2 onwards - (255)
  • crypt_sha256(5) - S10u6 / OpenSolaris onwards - (255)
  • crypt_sha512(5) - S10u6 / OpenSolaris onwards - (255)

How to do this is documented here: Solaris 10 System Administrator Collection >> System Administration Guide: Security Services >> System, File, and Device Security >> 3. Controlling Access to Systems (Tasks) >> Changing the Password Algorithm (Task Map)

About

DarrenMoffat

Search

Categories
Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today