Generating SHA512 crypt-style hashes formatted for /etc/shadow using Ruby?

Time: 2022-10-20 18:23:13

I want to generate SHA512 hashed passwords for inclusion directly into a /etc/shadow file for use with chef's user resource. Normally I'd go to the stdlib's Digest library for this, but it doesn't generate the hash in the right format:

ruby-1.9.2-p136 :001 > require 'digest/sha2'
 => true 
ruby-1.9.2-p136 :002 > Digest::SHA512.hexdigest('test')
 => "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff" 

The format that the shadow file wants is:

$6$/ShPQNXV$HJnibH9lw01qtYqyJQiBf81ggJB2BGUvKA7.kv39HGCeE.gD4C/SS9zAf5BrwOv3VJzvl99FpHYli9E8jykRC0

Things I've looked at:

  • The openssl "dgst" module returns the same format as .hexdigest, and its "passwd" module doesn't include SHA512 support.
  • String#crypt, but that does not support SHA512. (edit: this is only the case on OSX - modern Linux distros will work if you specify "$6$somesalt" as the salt)
  • ruby-crypt gem, but it does not support SHA512

For comparison, something that does return the proper format is PHP's crypt, but I'd rather not have to exec out to PHP for something that should be simple.

1 solution

#1


5  

After further research:

  • The mkpasswd command, which on debian is in the whois package (weird):

    mkpasswd -m sha-512

  • String#crypt does actually call the platform's native crypt() call, however OSX (up to 10.6) does not include support for alternate ciphers. "password".crypt('$6$somesalt') will work on Linux platforms.
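
An added example, not part of the original question or answer: a wrapper around String#crypt that picks a random salt and rejects the result when the platform's crypt() did not produce a `$6$` hash. The names `random_salt` and `sha512_shadow_hash` are hypothetical, and the optional `rounds=` setting goes beyond what the answer covers.

```ruby
require 'securerandom'

# Salt alphabet used by crypt(3) hashes: [./0-9A-Za-z]
SALT_ALPHABET = ['.', '/', *'0'..'9', *'A'..'Z', *'a'..'z'].freeze
# $6$[rounds=N$]<salt, up to 16 chars>$<86-char encoded SHA-512 output>
SHA512_CRYPT_RE = %r{\A\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}\z}

# Random salt drawn from the OS CSPRNG.
def random_salt(length = 16)
  Array.new(length) { SALT_ALPHABET[SecureRandom.random_number(SALT_ALPHABET.size)] }.join
end

# Returns a "$6$..." string usable as the password field in /etc/shadow.
# rounds is optional; nil leaves the platform default in place.
def sha512_shadow_hash(password, salt: random_salt, rounds: nil)
  unless salt.match?(%r{\A[./0-9A-Za-z]{1,16}\z})
    raise ArgumentError, 'salt must be 1-16 characters from [./0-9A-Za-z]'
  end
  setting = rounds ? "$6$rounds=#{rounds}$#{salt}" : "$6$#{salt}"
  hash = begin
    password.crypt(setting)
  rescue SystemCallError
    nil # some libcs report an unsupported setting through errno
  end
  # A crypt() without SHA-512 support can hand back a DES-style hash
  # instead of an error, so check the shape of the result.
  unless hash.is_a?(String) && hash.match?(SHA512_CRYPT_RE)
    raise NotImplementedError, 'native crypt() did not produce a $6$ hash on this platform'
  end
  hash
end

if __FILE__ == $PROGRAM_NAME
  puts sha512_shadow_hash('test') # 'test' is a constructed sample password
end
```
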