xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-06-13 09:50:19 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2559 from stanford-rc/crypt_passwd

Browse Source 
Crypt passwd
This commit is contained in:
chenglch
2017-03-01 17:18:34 +08:00
committed by GitHub
parent 25b21f28b0 0e5bb69678
commit 83ebef0425
2 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/source/guides/admin-guides/references/man5/passwd.5.rst
View File

@ -50,13 +50,13 @@ passwd Attributes:
\ **password**\
The default password for this type of component
The default password for this type of component. On Linux, a crypted form could be provided. Hashes starting with $1$, $5$ and $6$ (md5, sha256 and sha512 respectively) are supported.
\ **cryptmethod**\
Indicates the method that was used to encrypt the password attribute. On AIX systems, if a value is provided for this attribute it indicates that the password attribute is encrypted. If the cryptmethod value is not set it indicates the password is a simple string value. On Linux systems, the cryptmethod can be set to md5, sha256 or sha512. If not set, sha256 will be used as default.
Indicates the method to use to encrypt the password attribute. On AIX systems, if a value is provided for this attribute it indicates that the password attribute is encrypted. If the cryptmethod value is not set it indicates the password is a simple string value. On Linux systems, the cryptmethod can be set to md5, sha256 or sha512. If not set, sha256 will be used as default to encrypt plain-text passwords.

23
xCAT-server/lib/perl/xCAT/PasswordUtils.pm
View File

@ -149,16 +149,21 @@ sub crypt_system_password {
"ERROR: Unable to get password from database table $table, key=$key");
return undef;
}
$cryptmethod = $data->{'cryptmethod'};
if (!$cryptmethod) {
# Use sha256 crypt method by default
$result = crypt($password, $CRYPT_METHOD{'sha256'} . xCAT::Utils::genpassword(8));
} elsif( defined($CRYPT_METHOD{$cryptmethod})) {
$result = crypt($password,
$CRYPT_METHOD{$cryptmethod} . xCAT::Utils::genpassword(8));
if (($password =~ /^\$1\$/) || ($password =~ /^\$5\$/) || ($password =~ /^\$6\$/)) {
# $password is already hashed
$result = $password;
} else {
xCAT::MsgUtils->message("S", "Unsupported crypt method $cryptmethod");
return undef;
$cryptmethod = $data->{'cryptmethod'};
if (!$cryptmethod) {
# Use sha256 crypt method by default
$result = crypt($password, $CRYPT_METHOD{'sha256'} . xCAT::Utils::genpassword(8));
} elsif( defined($CRYPT_METHOD{$cryptmethod})) {
$result = crypt($password,
$CRYPT_METHOD{$cryptmethod} . xCAT::Utils::genpassword(8));
} else {
xCAT::MsgUtils->message("S", "Unsupported crypt method $cryptmethod");
return undef;
}
}
return $result;
}