Last time I ran into it, it turned out that for *legitimate* salts,
the linux crypt() was compatible, but for out-of-range ones, there
were differing results. An easy way to test is to use perl. For
example:
solaris2.4+% perl -e 'print crypt("pass", "ab")."\n"'
abccBcrPOxnLU
solaris2.4+% perl -e 'print crypt("pass", "++")."\n"'
++kT1mYjlikoI
debian1.1+% perl -e 'print crypt("pass", "ab")."\n"'
abccBcrPOxnLU
debian1.1+% perl -e 'print crypt("pass", "++")."\n"'
++1clPVO6npvw
Note that with a salt of "ab" they match, but with a salt of "++" they
don't. Classic crypt() used 4096 legal salts (":" was obviously out, I
don't recall exactly what range was used.)
If anything, the bug is that the solaris system is generating "out of
range" salt values...
