This knowledge article details the passwd_distribution_encryption_mode and passwd_local_encryption_method tokens.
The following conditions must be met for the endpoint to choose how the password is stored.
- The subscriber passwd_distribution_encryption_mode must match the same mode on the PMDB.
- If they match, then the subscriber chosen passwd_local_encryption_method is employed, and reflected in /etc/shadow.
- If passwd_distribution_encryption_mode does not match, then the subscriber local storage defaults to the method chosen on the PMDB. The local method value is ignored.
Note: *- If passwd_distribution_encryption_mode = 2 (md5) is chosen on the PMDB, the subscriber cannot choose between crypt or md5 as a local method. It will always be an md5 hash in /etc/shadow.
Token Details as found in our seos.ini file and listed below.
; This token indicates which password encryption method the local system; uses to distribute user passwords.; Valid values are: '1' - Compatibility mode - working with older; versions of eAC, hence we use 'crypt' like we used to,; or '2' - MD5 hashing - when working in Linux only environment use; 'crypt' with MD5 salt, or '3' - bidirectional mode - where we encrypt; the passwords with our own bidirectional encryption.; Default Value: 1
; This token indicates which password encryption method the local system; stores user passwords.; Valid values are: 'crypt' - DES crypt/bigcrypt, or 'md5' - MD5 hashing.; Default Value: crypt