The documentation refers us to the github example, but this is a bit sparse and mysterious.
It says this:
# created with:
# crypt.crypt('This is my Password', '$1$SomeSalt')
password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI.
but crypt.crypt
doesn't emit what the example shows. It also uses MD5.
I tried this:
# python
import crypt
crypt.crypt('This is my Password', '$6$somereallyniceandbigrandomsalt$')
>> '$69LxCegsnIwI'
but the password field of user should get something like this:
password: $6$somereallyniceandbigrandomsalt$UqddPX3r4kH3UL5jq5/ZI.
which includes three $ delimiters separating the 6
(which signifies that its a SHA-512 hash), the salt, and the crypted password.
Note that the python crypt docs don't mention anything about the $N format.
Questions:
Is the salt, as supplied to
crypt.crypt
, supposed to end with a trailing $ or is it in $N$SALT format?Python docs refer to DES, but how is SHA-512 or MD5 being called and where is the documention for this?
Am I really supposed to take the output of
crypt.crypt
and cut off the first $6 and make $N$SALT$CRYPTED? Is this what ansible needs?