106 lines
4.2 KiB
Diff
106 lines
4.2 KiB
Diff
Index: Linux-PAM-1.3.1/modules/pam_unix/pam_unix.8.xml
|
|
===================================================================
|
|
--- Linux-PAM-1.3.1.orig/modules/pam_unix/pam_unix.8.xml
|
|
+++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix.8.xml
|
|
@@ -293,11 +293,10 @@
|
|
<listitem>
|
|
<para>
|
|
When a user changes their password next,
|
|
- encrypt it with the SHA256 algorithm. If the
|
|
- SHA256 algorithm is not known to the <citerefentry>
|
|
+ encrypt it with the SHA256 algorithm. The
|
|
+ SHA256 algorithm must be supported by the <citerefentry>
|
|
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
|
- </citerefentry> function,
|
|
- fall back to MD5.
|
|
+ </citerefentry> function.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
@@ -308,11 +307,10 @@
|
|
<listitem>
|
|
<para>
|
|
When a user changes their password next,
|
|
- encrypt it with the SHA512 algorithm. If the
|
|
- SHA512 algorithm is not known to the <citerefentry>
|
|
+ encrypt it with the SHA512 algorithm. The
|
|
+ SHA512 algorithm must be supported by the <citerefentry>
|
|
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
|
- </citerefentry> function,
|
|
- fall back to MD5.
|
|
+ </citerefentry> function.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
@@ -323,11 +321,10 @@
|
|
<listitem>
|
|
<para>
|
|
When a user changes their password next,
|
|
- encrypt it with the blowfish algorithm. If the
|
|
- blowfish algorithm is not known to the <citerefentry>
|
|
+ encrypt it with the blowfish algorithm. The
|
|
+ blowfish algorithm must be supported by the <citerefentry>
|
|
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
|
- </citerefentry> function,
|
|
- fall back to MD5.
|
|
+ </citerefentry> function.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
@@ -338,11 +335,10 @@
|
|
<listitem>
|
|
<para>
|
|
When a user changes their password next,
|
|
- encrypt it with the gost-yescrypt algorithm. If the
|
|
- gost-yescrypt algorithm is not known to the <citerefentry>
|
|
+ encrypt it with the gost-yescrypt algorithm. The
|
|
+ gost-yescrypt algorithm must be supported by the <citerefentry>
|
|
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
|
- </citerefentry> function,
|
|
- fall back to MD5.
|
|
+ </citerefentry> function.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
@@ -353,11 +349,10 @@
|
|
<listitem>
|
|
<para>
|
|
When a user changes their password next,
|
|
- encrypt it with the yescrypt algorithm. If the
|
|
- yescrypt algorithm is not known to the <citerefentry>
|
|
+ encrypt it with the yescrypt algorithm. The
|
|
+ yescrypt algorithm must be supported by the <citerefentry>
|
|
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
|
- </citerefentry> function,
|
|
- fall back to MD5.
|
|
+ </citerefentry> function.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
Index: Linux-PAM-1.3.1/modules/pam_unix/passverify.c
|
|
===================================================================
|
|
--- Linux-PAM-1.3.1.orig/modules/pam_unix/passverify.c
|
|
+++ Linux-PAM-1.3.1/modules/pam_unix/passverify.c
|
|
@@ -466,10 +466,9 @@ PAMH_ARG_DECL(char * create_password_has
|
|
sp = crypt(password, salt);
|
|
#endif
|
|
if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
|
|
- /* libxcrypt/libc doesn't know the algorithm, use MD5 */
|
|
+ /* libxcrypt/libc doesn't know the algorithm, error out */
|
|
pam_syslog(pamh, LOG_ERR,
|
|
- "Algo %s not supported by the crypto backend, "
|
|
- "falling back to MD5\n",
|
|
+ "Algo %s not supported by the crypto backend.\n",
|
|
on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" :
|
|
on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" :
|
|
on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
|
|
@@ -481,7 +480,7 @@ PAMH_ARG_DECL(char * create_password_has
|
|
#ifdef HAVE_CRYPT_R
|
|
free(cdata);
|
|
#endif
|
|
- return crypt_md5_wrapper(password);
|
|
+ return NULL;
|
|
}
|
|
sp = x_strdup(sp);
|
|
#ifdef HAVE_CRYPT_R
|