char *crypt_gensalt(const char *oldsalt, const struct passwd *userinfo);
The crypt_gensalt() function generates the salt string required by crypt(3C).
If oldsalt is NULL, crypt_gensalt() uses the algorithm defined by CRYPT_DEFAULT in /etc/security/policy.conf. See policy.conf(4).
If oldsalt is non-null, crypt_gensalt() determines if the algorithm specified by oldsalt is allowable by checking the CRYPT_ALGORITHMS_ALLOW and CRYPT_ALGORITHMS_DEPRECATE variables in /etc/security/policy.conf. If the algorithm is allowed, crypt_gensalt() loads the appropriate shared library and calls crypt_gensalt_impl(3C). If the algorithm is not allowed or there is no entry for it in crypt.conf, crypt_gensalt() uses the default algorithm.
The mechanism just described provides a means to migrate users to new password hashing algorithms when the password is changed.
Upon successful completion, crypt_gensalt() returns a pointer to the new salt. Otherwise a null pointer is returned and errno is set to indicate the error.
The crypt_gensalt() function will fail if:
EINVAL The configuration file crypt.conf contains an invalid entry.
ELIBACC The required shared library was not found.
ENOMEM There is insufficient memory to perform hashing.
The value returned by crypt_gensalt() points to a null-terminated string. The caller of crypt_gensalt() is responsible for calling free(3C).
Applications dealing with user authentication and password changing should not call crypt_gensalt() directly but should instead call the appropriate pam(3PAM) functions.
See attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
passwd(1), crypt(3C), crypt_genhash_impl(3C), crypt_gensalt_impl(3C), getpassphrase(3C), malloc(3C), pam(3PAM), crypt.conf(4), passwd(4), policy.conf(4), attributes(5)