'\" te
.\" Copyright (c) 2015, Oracle and/or its affiliates. All rights             reserved.
.TH pwhash 1 "27 Nov 2015" "SunOS 5.11" "User Commands"
.SH NAME
pwhash \- generate password hashes
.SH SYNOPSIS
.LP
.nf
pwhash [ -a <\fIhashalgorithm\fR> | -s <\fIsalt\fR>] [ -u <\fIuser\fR> ] 
.fi

.SH DESCRIPTION
.sp
.LP
With no arguments pwhash prompts for input (and reconfirms) and generates a password hash by using \fBattributes\fR(5) followed by \fBcrypt\fR(3C), and then displays the generated hash on \fBstdout\fR.
.sp
.LP
If input is redirected from \fBstdin\fR then that is used instead. The password is only required once on stdin. When reading from \fBstdin\fR, if the last character is a newline, it is discarded.
.SH OPTIONS
.sp
.LP
The following options are supported:
.sp
.ne 2
.mk
.na
\fB\fB-a\fR\fR
.ad
.br
.na
\fB\fB--algorithm\fR=<\fIalgorithm\fR> \fR
.ad
.RS 28n
.rt  
Specifies a preference for the algorithm. If the algorithm is not allowed or does not exist, an error is shown.
.sp
The values are as per the key in \fBcrypt.conf\fR(4). For example, \fB__unix__\fR, \fB1\fR, \fBmd5\fR, \fB2a\fR, \fB5\fR, and \fB6\fR.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-s\fR\fR
.ad
.br
.na
\fB\fB--salt\fR=<\fIsalt\fR>\fR
.ad
.RS 28n
.rt  
Full specification of the algorithm and salt. This option bypasses the \fBcrypt_gensalt\fR(3C) call and instead passes the supplied salt directly to \fBcrypt\fR(3C). This option is mutually exclusive with \fB-a\fR.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-u\fR\fR
.ad
.br
.na
\fB\fB--user\fR=<\fIuser\fR>\fR
.ad
.RS 28n
.rt  
Specifies the username to be used with \fBcrypt_gensalt\fR(3C). Note that while the API allows for it, no current plugins delivered with Oracle Solaris for \fBcrypt_gensalt\fR(3C) make use of this.
.sp
If the user is not found then an error is returned and no hash is generated.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-h\fR\fR
.ad
.br
.na
\fB\fB--help\fR\fR
.ad
.RS 28n
.rt  
Displays the usage message.
.RE

.SH EXAMPLES
.LP
\fBExample 1 \fRGenerating a SHA256 Based Hash Typing in the Password
.sp
.LP
The following example generates a SHA256 based hash typing in the password.

.sp
.in +2
.nf
$ \fBpwhash -a 5\fR 
Password: 
Re-enter Password: 
$5$DA/w/BgH$cB394/iYqj6pk/J6W0smfmKsGrYSGeWUvHsIMnUaZh. 
.fi
.in -2
.sp

.LP
\fBExample 2 \fRGenerating a Hash Using the System Default Algorithm Using \fBstdin\fR
.sp
.LP
The following example generates a hash by using the system default algorithm using \fBstdin\fR.

.sp
.in +2
.nf
$ \fBpwhash <<EOM\fR 
Ap@ssW0rdOnStdIN 
EOM 
$5$abaev.V6$9uyBXruzgbZn/OhqtIbvrjHpuoyDFbkQkJ47pdZA/JC 
.fi
.in -2
.sp

.LP
\fBExample 3 \fRGenerating a Hash Using an Existing Salt Specification
.sp
.LP
The following example genrates a hash by using an existing salt specification.

.sp
.in +2
.nf
$ \fBpwhash -s '$5$abaev.V6$'\fR 
     Password: 
     Re-enter Password: 
     $5$abaev.V6$0pPY.0X/4tsis67eCsMdJ63NO9cfHKokKvjtTOQ80jA 
.fi
.in -2
.sp

.LP
\fBExample 4 \fRAttempting to Generate a Hash Using a Deprecated Algorithm
.sp
.LP
The following example attempts to generate a hash by using a deprecated algorithm

.sp
.in +2
.nf
$ \fBpwhash -a __unix__\fR 
Requested algorithm not allowed by current crypt policy, see 
policy.conf(4).
.fi
.in -2
.sp

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Interface Stability
.TE

.SH SEE ALSO
.sp
.LP
\fBcrypt\fR(3C), \fBcrypt_gensalt\fR(3C), \fBpolicy.conf\fR(4), \fBcrypt.conf\fR(4)