crypt_gensalt

- generate salt string for string encoding

Synopsis

#include <crypt.h>

char *crypt_gensalt(const char *oldsalt, const struct passwd *userinfo);

Description

The crypt_gensalt() function generates the salt string required by crypt(3C).

If oldsalt is NULL, crypt_gensalt() uses the algorithm defined by CRYPT_DEFAULT in /etc/security/policy.conf. See policy.conf(4).

If oldsalt is non-null, crypt_gensalt() determines if the algorithm specified by oldsalt is allowable by checking the CRYPT_ALGORITHMS_ALLOW and CRYPT_ALGORITHMS_DEPRECATE variables in /etc/security/policy.conf. If the algorithm is allowed, crypt_gensalt() loads the appropriate shared library and calls crypt_gensalt_impl(3C). If the algorithm is not allowed or there is no entry for it in crypt.conf, crypt_gensalt() uses the default algorithm.

The mechanism just described provides a means to migrate users to new password hashing algorithms when the password is changed.

Return Values

Upon successful completion, crypt_gensalt() returns a pointer to the new salt. Otherwise a null pointer is returned and errno is set to indicate the error.

Errors

The crypt_gensalt() function will fail if:

EINVAL

The configuration file crypt.conf contains an invalid entry.

ELIBACC

The required shared library was not found.

ENOMEM

There is insufficient memory to perform hashing.

Usage

The value returned by crypt_gensalt() points to a null-terminated string. The caller of crypt_gensalt() is responsible for calling free(3C).

Applications dealing with user authentication and password changing should not call crypt_gensalt() directly but should instead call the appropriate pam(3PAM) functions.

Attributes

See attributes(5) for descriptions of the following attributes:

See Also

passwd(1), crypt(3C), crypt_genhash_impl(3C), crypt_gensalt_impl(3C), getpassphrase(3C), malloc(3C), pam(3PAM), crypt.conf(4), passwd(4), policy.conf(4), attributes(5)