From 6d12858dab74d52d304e080eee7098d9d4910864 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa
Date: Mon, 30 Oct 2023 16:40:25 +0100
Subject: [PATCH] login.defs: include SHA_CRYPT_MAX_ROUNDS
Resolves: RHEL-15024
Signed-off-by: Iker Pedrosa
---
 shadow-utils.login.defs | 18 +++++++++++++++++-
 shadow-utils.spec | 5 ++++-
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/shadow-utils.login.defs b/shadow-utils.login.defs
index 12d516c..c50e46e 100644
--- a/shadow-utils.login.defs
+++ b/shadow-utils.login.defs
@@ -77,6 +77,22 @@ CREATE_HOME yes
 #
 USERGROUPS_ENAB yes
-# Use SHA512 to encrypt password.
+#
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+#
 ENCRYPT_METHOD SHA512
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute-force the password.
+# However, more CPU resources will be needed to authenticate users if
+# this value is increased.
+#
+# The values must be within the 1000-999999999 range.
+#
+SHA_CRYPT_MAX_ROUNDS 5000
+
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 11c1134..3fac325 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.6
-Release: 19%{?dist}
+Release: 20%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
@@ -373,6 +373,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
 %{_libdir}/libsubid.so
 %changelog
+* Mon Oct 30 2023 Iker Pedrosa - 2:4.6-20
+- login.defs: include SHA_CRYPT_MAX_ROUNDS. Resolves: RHEL-15024
+
 * Wed Jul 12 2023 Iker Pedrosa - 2:4.6-19
 - gpasswd: fix password leak. Resolves: #2215947
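Review bot: In the shadow-utils.login.defs hunk, the comment block added above `SHA_CRYPT_MAX_ROUNDS 5000` does not say how the value is applied when `SHA_CRYPT_MIN_ROUNDS` is absent, and the key name alone reads as an upper bound rather than the round count actually used. Per login.defs(5), when only one of the two keys is set that value is used directly, and 5000 is also the libc default for SHA-crypt, so as written the line documents the knob without raising the work factor. I would add `# If only SHA_CRYPT_MAX_ROUNDS is set, exactly this many rounds are used; 5000 equals the libc default.` and `# Existing hashes keep their stored round count until the password is next changed.` so an administrator knows that raising the value hardens only newly set passwords. The "encrypting password" wording in the ENCRYPT_METHOD comment would be more accurate as "hashing passwords", and the BCRYPT line is worth confirming against this 4.6 build, since the hunk does not show whether that method is supported here.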