On 2006/07/04 16:53, Steffen Kluge wrote:
> Because the hashes in master.passwd are salted, as you come to realise
> yourself further down in your post.

Storing the old crypted passwords from master.passwd gives you the following information when someone changes their password:

    Typed new password (cleartext)
    Old passwords (salted+enciphered)
    Salts used to encipher old passwords

So you run through the old salts, for each one you hash the new password with the old salt, and see if it matches.

passwordcheck (login.conf) currently only feeds the password, not the username, to the checking program; this is no good for this purpose, since it makes it too easy to test other users' passwords, and would be slow on a busy system.
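
The check described in the message above, as an added example that is not part of the original post: the typed password is re-hashed with each salt from that user's stored history and compared against the old hash. Assumptions: PBKDF2-HMAC-SHA256 stands in for the crypt(3) scheme used in master.passwd, and the entry layout, the per-user store and the function names are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 stands in for the crypt(3) scheme behind
# master.passwd; the "salt_hex$digest_hex" entry layout is hypothetical.
ITERATIONS = 50_000


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_entry(password, salt=None):
    """Build a stored history entry; the salt is kept next to the hash."""
    salt = os.urandom(16) if salt is None else salt
    return f"{salt.hex()}${_kdf(password, salt).hex()}"


def is_reused(username, new_password, store):
    """Hash the typed password with each of this user's old salts and compare."""
    hit = False
    for entry in store.get(username, []):
        try:
            salt_hex, digest_hex = entry.split("$", 1)
            salt, old = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        except ValueError:
            continue  # malformed history line: skip it
        # Constant-time compare, and no early exit across entries.
        hit |= hmac.compare_digest(_kdf(new_password, salt), old)
    return hit


# Constructed sample store keyed by username (not real data).
STORE = {
    "alice": [make_entry("Winter2005!"), make_entry("Spring2006!"), "garbage-line"],
    "bob": [make_entry("hunter2")],
}

if __name__ == "__main__":
    print(is_reused("alice", "Spring2006!", STORE))
    print(is_reused("alice", "hunter2", STORE))
```

Because the lookup is keyed by username, the candidate is only ever compared against the history of the account being changed, which is the information the message says passwordcheck does not pass to the checking program.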