xref: /illumos-gate/usr/src/man/man3c/crypt_gensalt.3c (revision 8119dad84d6416f13557b0ba8e2aaf9064cbcfd3) 
 te
 Copyright (c) 2002, Sun Microsystems, Inc. All Rights Reserved.
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 CRYPT_GENSALT 3C "Jun 10, 2002"
 NAME
crypt_gensalt - generate salt string for string encoding

 SYNOPSIS


#include <crypt.h>

char *crypt_gensalt(const char *oldsalt, const struct passwd *userinfo);




 DESCRIPTION

The crypt_gensalt() function generates the salt string required by
crypt(3C).


If oldsalt is NULL, crypt_gensalt() uses the algorithm
defined by CRYPT_DEFAULT in /etc/security/policy.conf. See
policy.conf(5).


If oldsalt is non-null, crypt_gensalt() determines if the algorithm
specified by oldsalt is allowable by checking the
CRYPT_ALGORITHMS_ALLOW and CRYPT_ALGORITHMS_DEPRECATE variables in
/etc/security/policy.conf. If the algorithm is allowed,
crypt_gensalt() loads the appropriate shared library and calls
crypt_gensalt_impl(3C). If the algorithm is not allowed or there is no
entry for it in crypt.conf, crypt_gensalt() uses the default
algorithm.


The mechanism just described provides a means to migrate users to new password
hashing algorithms when the password is changed.

 RETURN VALUES

Upon successful completion, crypt_gensalt() returns a pointer to the new
salt. Otherwise a null pointer is returned and errno is set to indicate
the error.

 ERRORS

The crypt_gensalt() function will fail if:
EINVAL


The configuration file crypt.conf contains an invalid entry.



ELIBACC


The required shared library was not found.



ENOMEM


There is insufficient memory to perform hashing.




 USAGE

The value returned by crypt_gensalt() points to a null-terminated string.
The caller of crypt_gensalt() is responsible for calling free(3C).


Applications dealing with user authentication and password changing should not
call crypt_gensalt() directly but should instead call the appropriate
pam(3PAM) functions.

 ATTRIBUTES

See attributes(7) for descriptions of the following attributes:






ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
MT-Level MT-Safe



 SEE ALSO

 passwd (1),  crypt (3C),  crypt_genhash_impl (3C),  crypt_gensalt_impl (3C),  getpassphrase (3C),  malloc (3C),  pam (3PAM),  crypt.conf (5),  passwd (5),  policy.conf (5),  attributes (7)