shadow: enable SHA512 passwords by default in PAM.

--HG-- extra : convert_revision : 69e23e2a9af2b6a04082e3833795489f958a5932
2008-12-16 22:47:10 +01:00 · 2008-12-16 22:47:10 +01:00 · 3b5bd74e04
commit 3b5bd74e04
parent dc5030514b
1 changed files with 27 additions and 27 deletions
--- a/templates/shadow-enable-pam.diff
+++ b/templates/shadow-enable-pam.diff
@ -170,7 +170,7 @@
 +++ etc/pam.d/login	2008-12-16 03:29:56.000000000 +0100
@@ -1,11 +1,13 @@
 -#%PAM-1.0
-+auth        requisite      pam_nologin.so
+auth		requisite	pam_nologin.so
 auth		required	pam_securetty.so
 -auth		include		system-auth
 -account		required	pam_nologin.so
@ -181,17 +181,17 @@
 -session		required	pam_loginuid.so
 -session		optional	pam_console.so
 -session		required	pam_selinux.so open
-+auth        required       pam_unix.so
-+account     required       pam_access.so
-+account     required       pam_unix.so
-+session     required       pam_env.so
-+session     required       pam_motd.so
-+session     required       pam_limits.so
-+session     optional       pam_mail.so      dir=/var/mail standard
-+session     optional       pam_lastlog.so
-+session     required       pam_unix.so
-+password    required       pam_cracklib.so  retry=3
-+password    required       pam_unix.so      md5 shadow use_authtok
+auth		required	pam_unix.so
+account	required	pam_access.so
+account	required	pam_unix.so
+session	required	pam_env.so
+session	required	pam_motd.so
+session	required	pam_limits.so
+session	optional	pam_mail.so	dir=/var/mail standard
+session	optional	pam_lastlog.so
+session	required	pam_unix.so
+password	required	pam_cracklib.so  retry=3
+password	required	pam_unix.so      sha512 shadow use_authtok
 --- etc/pam.d/passwd.orig	2008-12-16 03:30:36.000000000 +0100
 +++ etc/pam.d/passwd	2008-12-16 03:30:52.000000000 +0100
@@ -1,4 +1,6 @@
@ -199,12 +199,12 @@
 -auth		include		system-auth
 -account		include		system-auth
 -password	include		system-auth
-+password    required       pam_cracklib.so  type=Linux retry=1 \
-+                                            difok=5 diffignore=23 minlen=9 \
-+                                            dcredit=1 ucredit=1 lcredit=1 \
-+                                            ocredit=1 \
-+                                            dictpath=/lib/cracklib/pw_dict
-+password    required       pam_unix.so      md5 shadow use_authtok
+password	required	pam_cracklib.so  type=Linux retry=1 \
+						difok=5 diffignore=23 minlen=9 \
+						dcredit=1 ucredit=1 lcredit=1 \
+						ocredit=1 \
+						dictpath=/lib/cracklib/pw_dict
+password	required	pam_unix.so	sha512 shadow use_authtok
 --- etc/pam.d/su.orig	2008-12-16 03:31:25.000000000 +0100
 +++ etc/pam.d/su	2008-12-16 03:31:35.000000000 +0100
@@ -1,13 +1,7 @@
@ -220,12 +220,12 @@
 -session		required	pam_selinux.so close
 -session		include		system-auth
 -session		required	pam_selinux.so open multiple
-+auth        required        pam_unix.so
-+account     required        pam_unix.so
-+session     optional        pam_mail.so     dir=/var/mail standard
+auth		required	pam_unix.so
+account	required	pam_unix.so
+session	optional	pam_mail.so	dir=/var/mail standard
 session		optional	pam_xauth.so
-+session     required        pam_env.so
-+session     required        pam_unix.so
+session	required	pam_env.so
+session	required	pam_unix.so
 --- etc/pam.d/chage.orig	2008-12-16 03:32:38.000000000 +0100
 +++ etc/pam.d/chage	2008-12-16 03:32:56.000000000 +0100
@@ -1,4 +1,5 @@
@ -233,7 +233,7 @@
 auth		sufficient	pam_rootok.so
 -account		required	pam_permit.so
 -password	include		system-auth
-+auth        required        pam_unix.so
-+account     required        pam_unix.so
-+session     required        pam_unix.so
-+password    required        pam_permit.so
+auth		required	pam_unix.so
+account	required	pam_unix.so
+session	required	pam_unix.so
+password	required	pam_permit.so