Originally from the User Slack
@Greg_Day: Hello, hopefully this is a quick one for anyone who knows. On this documentation page https://opensource.docs.scylladb.com/stable/operating-scylla/security/create-superuser.html#setting-custom-superuser-credentials-in-scylla-yaml this configuration value is described:
auth_superuser_salted_password: <superuser salted password as processed by mkpassword or similar - cleartext is not allowed>
What method of salting is used? Can I simply do mkpasswd '$secure-password' and use that output here? Thanks.
Creating a Custom Superuser | ScyllaDB Docs
that did not work, I still had to manually create the alternate superuser. What am I doing wrong?
@LikDan: idk how this works on Linux, but on MacOS to generate password’s hash you can use
openssl passwd -6 password12345678
where password12345678 is your password
than you will have output similar to this
$6$/PRr56xlMXctw5B5$kwxT3g4MTekVc.0o46izORDbR2DsCaztI2L0kxs6mKaHsnNCns8vsrYVzcz2iRphNewLco8Iydg.ZuiHmw4Ii/
and this is you have to paste in scylla.yml file
p.s. if I am not mistaken scylla use SHA-512 algorithm
@Greg_Day: Thanks! yeah openssl passwd -6 claims it uses:
> -6 Use the SHA256 / SHA512 based algorithms defined by Ulrich Drepper. See <https://www.akkadia.org/drepper/SHA-crypt.txt>.
with mkpasswd that’s mkpasswd -m sha512crypt "yourpasswordhere"