CRYPT_GENSALT(3C) Standard C Library Functions CRYPT_GENSALT(3C)

crypt_gensalt - generate salt string for string encoding

#include <crypt.h>
char *crypt_gensalt(const char *oldsalt, const struct passwd *userinfo);

The crypt_gensalt() function generates the salt string required by crypt(3C).

If oldsalt is NULL, crypt_gensalt() uses the algorithm defined by CRYPT_DEFAULT in /etc/security/policy.conf. See policy.conf(5).

If oldsalt is non-null, crypt_gensalt() determines if the algorithm specified by oldsalt is allowable by checking the CRYPT_ALGORITHMS_ALLOW and CRYPT_ALGORITHMS_DEPRECATE variables in /etc/security/policy.conf. If the algorithm is allowed, crypt_gensalt() loads the appropriate shared library and calls crypt_gensalt_impl(3C). If the algorithm is not allowed or there is no entry for it in crypt.conf, crypt_gensalt() uses the default algorithm.

The mechanism just described provides a means to migrate users to new password hashing algorithms when the password is changed.

Upon successful completion, crypt_gensalt() returns a pointer to the new salt. Otherwise a null pointer is returned and errno is set to indicate the error.

The crypt_gensalt() function will fail if:


The configuration file crypt.conf contains an invalid entry.


The required shared library was not found.


There is insufficient memory to perform hashing.

The value returned by crypt_gensalt() points to a null-terminated string. The caller of crypt_gensalt() is responsible for calling free(3C).

Applications dealing with user authentication and password changing should not call crypt_gensalt() directly but should instead call the appropriate pam(3PAM) functions.

See attributes(7) for descriptions of the following attributes:

Interface Stability Evolving
MT-Level MT-Safe

passwd(1), crypt(3C), crypt_genhash_impl(3C), crypt_gensalt_impl(3C), getpassphrase(3C), malloc(3C), pam(3PAM), crypt.conf(5), passwd(5), policy.conf(5), attributes(7)

June 10, 2002 OmniOS