From dacae920a1d6f8c1a97bdc0354408b81a3ed3aef Mon Sep 17 00:00:00 2001 From: Diego 'Flameeyes' Pettenò Date: Fri, 1 Aug 2008 16:04:58 +0200 Subject: Add support for using SHA512 hashihg for shadow passwords. Instead of only supporting MD5-hashed passwords, make it possible to use SHA512-hashed passwords, which should be stronger. This requires glibc 2.7 and Linux-PAM 1.0.1. If the SHA512 hasher is not supported by libcrypt, Linux-PAM will fallback to MD5 like before. --- Makefile | 4 ++++ linux-pam-conf | 6 +++++- openpam-conf | 4 ++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 651b641..229927e 100644 --- a/Makefile +++ b/Makefile @@ -44,6 +44,10 @@ ifeq "$(PAM_SSH)" "yes" PAMFLAGS += -DHAVE_PAM_SSH=1 endif +ifeq "$(SHA512)" "yes" +PAMFLAGS += -DWANT_SHA512=1 +endif + ifeq "$(DEBUG)" "yes" PAMFLAGS += -DDEBUG=debug endif diff --git a/linux-pam-conf b/linux-pam-conf index 44087d8..ee34768 100644 --- a/linux-pam-conf +++ b/linux-pam-conf @@ -9,7 +9,11 @@ #define SUPPORT_NOLOGIN_ACCOUNT 1 #define SUPPORT_NOLOGIN_AUTH 1 -#define UNIX_EXTENDED_ENCRYPTION md5 shadow +#if WANT_SHA512 +# define UNIX_EXTENDED_ENCRYPTION sha512 shadow +#else +# define UNIX_EXTENDED_ENCRYPTION md5 shadow +#endif #define LIKEAUTH likeauth #define DEBUG_NOLOGIN diff --git a/openpam-conf b/openpam-conf index 60debed..a60581b 100644 --- a/openpam-conf +++ b/openpam-conf @@ -20,4 +20,8 @@ # define SUPPORT_NOLOGIN_AUTH 1 # endif +# if defined(WANT_SHA512) +# error "SHA512 support is not present for FreeBSD!" +# endif + #endif /* __FreeBSD__ */ -- cgit v1.2.3-65-gdbad