summaryrefslogtreecommitdiff
path: root/doc/apps/passwd.pod
blob: f44982549bf1a2d22fb2516998277e4346350c3f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
=pod

=head1 NAME

passwd - compute password hashes

=head1 SYNOPSIS

B<openssl passwd>
[B<-crypt>]
[B<-1>]
[B<-apr1>]
[B<-salt> I<string>]
[B<-in> I<file>]
[B<-stdin>]
[B<-noverify>]
[B<-quiet>]
[B<-table>]
{I<password>}

=head1 DESCRIPTION

The B<passwd> command computes the hash of a password typed at
run-time or the hash of each password in a list.  The password list is
taken from the named file for option B<-in file>, from stdin for
option B<-stdin>, or from the command line, or from the terminal otherwise.
The Unix standard algorithm B<crypt> and the MD5-based BSD password
algorithm B<1> and its Apache variant B<apr1> are available.

=head1 OPTIONS

=over 4

=item B<-crypt>

Use the B<crypt> algorithm (default).

=item B<-1>

Use the MD5 based BSD password algorithm B<1>.

=item B<-apr1>

Use the B<apr1> algorithm (Apache variant of the BSD algorithm).

=item B<-salt> I<string>

Use the specified salt.
When reading a password from the terminal, this implies B<-noverify>.

=item B<-in> I<file>

Read passwords from I<file>.

=item B<-stdin>

Read passwords from B<stdin>.

=item B<-noverify>

Don't verify when reading a password from the terminal.

=item B<-quiet>

Don't output warnings when passwords given at the command line are truncated.

=item B<-table>

In the output list, prepend the cleartext password and a TAB character
to each password hash.

=back

=head1 EXAMPLES

B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.

B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.

B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.

=cut