CRYPT_GENSALT(3C) | Standard C Library Functions | CRYPT_GENSALT(3C) |
crypt_gensalt - generate salt string for string encoding
#include <crypt.h> char *crypt_gensalt(const char *oldsalt, const struct passwd *userinfo);
The crypt_gensalt() function generates the salt string required by crypt(3C).
If oldsalt is NULL, crypt_gensalt() uses the algorithm defined by CRYPT_DEFAULT in /etc/security/policy.conf. See policy.conf(5).
If oldsalt is non-null, crypt_gensalt() determines if the algorithm specified by oldsalt is allowable by checking the CRYPT_ALGORITHMS_ALLOW and CRYPT_ALGORITHMS_DEPRECATE variables in /etc/security/policy.conf. If the algorithm is allowed, crypt_gensalt() loads the appropriate shared library and calls crypt_gensalt_impl(3C). If the algorithm is not allowed or there is no entry for it in crypt.conf, crypt_gensalt() uses the default algorithm.
The mechanism just described provides a means to migrate users to new password hashing algorithms when the password is changed.
Upon successful completion, crypt_gensalt() returns a pointer to the new salt. Otherwise a null pointer is returned and errno is set to indicate the error.
The crypt_gensalt() function will fail if:
EINVAL
ELIBACC
ENOMEM
The value returned by crypt_gensalt() points to a null-terminated string. The caller of crypt_gensalt() is responsible for calling free(3C).
Applications dealing with user authentication and password changing should not call crypt_gensalt() directly but should instead call the appropriate pam(3PAM) functions.
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | Evolving |
MT-Level | MT-Safe |
passwd(1), crypt(3C), crypt_genhash_impl(3C), crypt_gensalt_impl(3C), getpassphrase(3C), malloc(3C), pam(3PAM), crypt.conf(5), passwd(5), policy.conf(5), attributes(7)
June 10, 2002 | OmniOS |