Ability to set the crypt type for passwords

Version 1.43

Feature
Finished

The default crypt in DA is MD5 which uses the $1$ type for the crypt command. A new directadmin.conf option will allow the 1 to be changed to a 6 for sha-512, if desired (giving $6$) This should allow you to be GDPR compliant. Default internal value: crypt_method=1 If you'd like passwords to use sha-512, add this to your directadmin.conf, and restart DA: crypt_method=6 This will affect all calls that DA makes to the "crypt" function. This includes: - Email accounts - FTP accounts - DA accounts, but only in some cases (varies per OS) The DA accounts have their password crypt created from different places, depending on what's going on. Below will outline which cases are used, and will either show what is used to generate the crypt, or it will show "crypt", which will be affected by this change. Any values that do not show "crypt" will not use DA's crypt() function, thus will not use this feature (crypt method controlled via other configs) 1) Changing a password: FreeBSD: crypt Debian: chpasswd Linux: passwd 2) Creating a User: FreeBSD: pw Debian: crypt Linux: crypt 3) Restores just copy the old encrypted data, so this feature does not apply to the backup/restores. For the non-"crypt" methods, see this guide: http://help.directadmin.com/item.php?id=248 This only affects the above crypt methods when triggered. Existing encryptions are not touched until one of the above crypt methods is triggered (Eg: if you reset the password and it uses crypt) Password protected directories (as of 1.43.0) use openssl to generate an $apr1$ crypt. http://www.directadmin.com/features.php?id=1429 However, if the crypt generation fails with the openssl binary, then crypt() is used to to generate the passwod crypt... however, it defaults to a very old DES method without $1$.. so this feature will not apply to password protected directories from 1.43.0 and newer. Versions of DA older than this do use the local crypt (eg: $1$), but this feature doesn't exist.. so still wouldn't apply.

Interested to try DirectAdmin? Get a 30-day Free Trial!