Is the hash in "rootpw --iscrypted HASH" in Kickstart encrypted with md5?

Rogue45 · 07-31-2012, 06:37 PM

In kickstart I am generating a hash based on user input of what they want their password to be.

I was using md5 but it doesn't seem to be working for rootpw or user. I tried generating the password with md5sum and grub-md5-crypt

Am i supposed to be using DES or SHA512 or something? The example hash given is like 2x as long as the one i generate with md5.

druuna · 08-01-2012, 12:46 AM

The rootpwd --iscrypted and authconfig --enableshadow --passalgo=xyz go together.

Quote:

rootpw

This required command sets the system's root password to the <password> argument.

rootpw [options] <password>

--iscrypted|--plaintext
If this is present, the password argument is assumed to already be encrypted. --plaintext has the opposite effect - the password argument is assumed to not be encrypted. To create an encrypted password you can use python: python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Sault"))' This will generate sha512 crypt of your password using your provided salt.

Quote:

auth or authconfig

This required command sets up the authentication options for the system. This is just a wrapper around the authconfig program, so all options recognized by that program are valid for this command. See the manual page for authconfig for a complete list.

By default, passwords are normally encrypted and are not shadowed.

Something like this should work (using the python command mentioned in the first quote):

Code:

authconfig --enableshadow --passalgo=sha512
rootpw  --iscrypted $<long string>

Quotes are from here: http://fedoraproject.org/wiki/Anaconda/Kickstart