-rw-r--r-- debian/changelog 7
-rw-r--r-- debian/local/common-password 4
-rw-r--r-- debian/pam-configs/unix 4
3 files changed, 10 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog
index 4f6abe97..637b76db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
pam (1.1.0-2) UNRELEASED; urgency=low
+ [ Steve Langasek ]
* debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch
to call setregid() instead of always returning an error on username
mismatch in unix_chkpwd, needed in the SELinux case and in some corner
@@ -19,7 +20,11 @@ pam (1.1.0-2) UNRELEASED; urgency=low
* Updated debconf translations:
- German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #544464)
- -- Steve Langasek <vorlon@debian.org> Wed, 26 Aug 2009 09:23:57 -0700
+ [ Kees Cook ]
+ * debian/local/common-password, debian/pam-configs/unix: switch from "md5"
+ to "sha512" as password crypt default.
+
+ -- Kees Cook <kees@debian.org> Mon, 31 Aug 2009 12:31:42 -0700
pam (1.1.0-1) unstable; urgency=low
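Review bot: The new [ Kees Cook ] entry says the default switches from "md5" to "sha512" but does not say what happens to password hashes that are already stored as MD5. Suggest adding a line to the entry stating that existing hashes continue to verify and are only replaced by SHA512 ones when a user next changes their password, so an administrator reading the changelog knows the upgrade alone does not migrate accounts.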
diff --git a/debian/local/common-password b/debian/local/common-password
index dab20333..963f1eb4 100644
--- a/debian/local/common-password
+++ b/debian/local/common-password
@@ -7,8 +7,8 @@
# Explanation of pam_unix options:
#
-# The "md5" option enables MD5 passwords. Without this option, the
-# default is Unix crypt.
+# The "sha512" option enables salted SHA512 passwords. Without this option,
+# the default is Unix crypt. Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
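Review bot: Only the explanatory comment changes in this hunk; no pam_unix.so line is touched, while the changelog entry lists debian/local/common-password as switched to "sha512". Please confirm that the active password line in this file is generated from debian/pam-configs/unix, and if it is not, update the module line here as well so the comment and the options in effect do not diverge.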
diff --git a/debian/pam-configs/unix b/debian/pam-configs/unix
index 4bb6bab4..23a04f14 100644
--- a/debian/pam-configs/unix
+++ b/debian/pam-configs/unix
@@ -18,6 +18,6 @@ Session-Initial:
required pam_unix.so
Password-Type: Primary
Password:
- [success=end default=ignore] pam_unix.so obscure use_authtok try_first_pass md5
+ [success=end default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
Password-Initial:
- [success=end default=ignore] pam_unix.so obscure md5
+ [success=end default=ignore] pam_unix.so obscure sha512
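Review bot: Both the Password and Password-Initial lines gain sha512 with no rounds= option, so the hashing cost is left at whatever crypt(3) uses by default. If a particular work factor is intended, set rounds= on both lines; otherwise a sentence in the changelog saying the default is deliberate would help. It is also worth stating what pam_unix does on a system whose crypt(3) lacks SHA512 support, since these lines now depend on it.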