From e3430d85d2599cd466dd9f9334d0f8924e2106c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Mon, 15 Feb 2010 17:25:28 +0000 Subject: [PATCH] - change the default password hash to sha512 --- pam.spec | 5 ++++- password-auth.pamd | 7 ++----- system-auth.pamd | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pam.spec b/pam.spec index 16acff6..956517b 100644 --- a/pam.spec +++ b/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.1.1 -Release: 3%{?dist} +Release: 4%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, License: BSD and GPLv2+ @@ -333,6 +333,9 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Mon Feb 15 2010 Tomas Mraz 1.1.1-4 +- change the default password hash to sha512 + * Fri Jan 22 2010 Tomas Mraz 1.1.1-3 - fix wrong prompt when pam_get_authtok is used for new password diff --git a/password-auth.pamd b/password-auth.pamd index fef15f6..aee23d0 100644 --- a/password-auth.pamd +++ b/password-auth.pamd @@ -2,16 +2,13 @@ # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so -auth sufficient pam_unix.so nullok try_first_pass +auth sufficient pam_unix.so try_first_pass nullok auth required pam_deny.so account required pam_unix.so -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 type= -password sufficient pam_unix.so nullok try_first_pass use_authtok +password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow password required pam_deny.so session optional pam_keyinit.so revoke diff --git a/system-auth.pamd b/system-auth.pamd index afd0e67..aee23d0 100644 --- a/system-auth.pamd +++ b/system-auth.pamd @@ -7,8 +7,8 @@ auth required pam_deny.so account required pam_unix.so -password required pam_cracklib.so try_first_pass retry=3 -password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow +password requisite pam_cracklib.so try_first_pass retry=3 type= +password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow password required pam_deny.so session optional pam_keyinit.so revoke