diff options
author | Diego 'Flameeyes' Pettenò <flameeyes@gmail.com> | 2008-08-01 16:04:58 +0200 |
---|---|---|
committer | Diego 'Flameeyes' Pettenò <flameeyes@gmail.com> | 2008-08-01 16:04:58 +0200 |
commit | dacae920a1d6f8c1a97bdc0354408b81a3ed3aef (patch) | |
tree | 4867baa1442e9805607b3d9339e33f31e57bb840 | |
parent | Prettify. (diff) | |
download | pambase-20080801.tar.gz pambase-20080801.tar.bz2 pambase-20080801.zip |
Add support for using SHA512 hashihg for shadow passwords.pambase-20080801
Instead of only supporting MD5-hashed passwords, make it possible to
use SHA512-hashed passwords, which should be stronger. This requires
glibc 2.7 and Linux-PAM 1.0.1. If the SHA512 hasher is not supported
by libcrypt, Linux-PAM will fallback to MD5 like before.
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | linux-pam-conf | 6 | ||||
-rw-r--r-- | openpam-conf | 4 |
3 files changed, 13 insertions, 1 deletions
@@ -44,6 +44,10 @@ ifeq "$(PAM_SSH)" "yes" PAMFLAGS += -DHAVE_PAM_SSH=1 endif +ifeq "$(SHA512)" "yes" +PAMFLAGS += -DWANT_SHA512=1 +endif + ifeq "$(DEBUG)" "yes" PAMFLAGS += -DDEBUG=debug endif diff --git a/linux-pam-conf b/linux-pam-conf index 44087d8..ee34768 100644 --- a/linux-pam-conf +++ b/linux-pam-conf @@ -9,7 +9,11 @@ #define SUPPORT_NOLOGIN_ACCOUNT 1 #define SUPPORT_NOLOGIN_AUTH 1 -#define UNIX_EXTENDED_ENCRYPTION md5 shadow +#if WANT_SHA512 +# define UNIX_EXTENDED_ENCRYPTION sha512 shadow +#else +# define UNIX_EXTENDED_ENCRYPTION md5 shadow +#endif #define LIKEAUTH likeauth #define DEBUG_NOLOGIN diff --git a/openpam-conf b/openpam-conf index 60debed..a60581b 100644 --- a/openpam-conf +++ b/openpam-conf @@ -20,4 +20,8 @@ # define SUPPORT_NOLOGIN_AUTH 1 # endif +# if defined(WANT_SHA512) +# error "SHA512 support is not present for FreeBSD!" +# endif + #endif /* __FreeBSD__ */ |