Change the default password hash method to yescrypt

This commit is contained in:
Björn Esser 2021-06-10 21:23:06 +02:00
parent 3b25774300
commit 9ba9b6c09d
No known key found for this signature in database
GPG Key ID: F52E98007594C21D
3 changed files with 6 additions and 3 deletions

View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.5.1 Version: 1.5.1
Release: 6%{?dist} Release: 7%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ # The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway. # - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -381,6 +381,9 @@ test "$FILE" != %{_sysconfdir}/authselect/fingerprint-auth && \
exit 0 exit 0
%changelog %changelog
* Thu Jun 10 2021 Björn Esser <besser82@fedoraproject.org> - 1.5.1-7
- Change the default password hash method to yescrypt
* Thu Jun 10 2021 Björn Esser <besser82@fedoraproject.org> - 1.5.1-6 * Thu Jun 10 2021 Björn Esser <besser82@fedoraproject.org> - 1.5.1-6
- Add a patch to not use crypt_checksalt for password expiration - Add a patch to not use crypt_checksalt for password expiration
Resolves: #1965345, #1967150 Resolves: #1965345, #1967150

View File

@ -6,7 +6,7 @@ auth required pam_deny.so
account required pam_unix.so account required pam_unix.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow password sufficient pam_unix.so try_first_pass use_authtok nullok yescrypt shadow
password required pam_deny.so password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke

View File

@ -6,7 +6,7 @@ auth required pam_deny.so
account required pam_unix.so account required pam_unix.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow password sufficient pam_unix.so try_first_pass use_authtok nullok yescrypt shadow
password required pam_deny.so password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke