- change the default password hash to sha512

2010-02-15 17:25:28 +00:00 · 2010-02-15 17:25:28 +00:00 · e3430d85d2
commit e3430d85d2
parent 3f424c65d3
3 changed files with 8 additions and 8 deletions
--- a/pam.spec
+++ b/pam.spec
@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.1.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 License: BSD and GPLv2+
@ -333,6 +333,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html

 %changelog
+* Mon Feb 15 2010 Tomas Mraz <tmraz@redhat.com> 1.1.1-4
+- change the default password hash to sha512
+
 * Fri Jan 22 2010 Tomas Mraz <tmraz@redhat.com> 1.1.1-3
 - fix wrong prompt when pam_get_authtok is used for new password

--- a/password-auth.pamd
+++ b/password-auth.pamd
@ -2,16 +2,13 @@
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
-auth        sufficient    pam_unix.so nullok try_first_pass
+auth        sufficient    pam_unix.so try_first_pass nullok
 auth        required      pam_deny.so

 account     required      pam_unix.so
-account     sufficient    pam_localuser.so
-account     sufficient    pam_succeed_if.so uid < 500 quiet
-account     required      pam_permit.so

 password    requisite     pam_cracklib.so try_first_pass retry=3 type=
-password    sufficient    pam_unix.so nullok try_first_pass use_authtok
+password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
 password    required      pam_deny.so

 session     optional      pam_keyinit.so revoke
--- a/system-auth.pamd
+++ b/system-auth.pamd
@ -7,8 +7,8 @@ auth        required      pam_deny.so

 account     required      pam_unix.so

-password    required      pam_cracklib.so try_first_pass retry=3
-password    sufficient    pam_unix.so try_first_pass use_authtok nullok md5 shadow
+password    requisite     pam_cracklib.so try_first_pass retry=3 type=
+password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
 password    required      pam_deny.so

 session     optional      pam_keyinit.so revoke