summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDiego 'Flameeyes' Pettenò <flameeyes@gmail.com>2008-08-01 16:04:58 +0200
committerDiego 'Flameeyes' Pettenò <flameeyes@gmail.com>2008-08-01 16:04:58 +0200
commitdacae920a1d6f8c1a97bdc0354408b81a3ed3aef (patch)
tree4867baa1442e9805607b3d9339e33f31e57bb840
parentPrettify. (diff)
downloadpambase-dacae920a1d6f8c1a97bdc0354408b81a3ed3aef.tar.gz
pambase-dacae920a1d6f8c1a97bdc0354408b81a3ed3aef.tar.bz2
pambase-dacae920a1d6f8c1a97bdc0354408b81a3ed3aef.zip
Add support for using SHA512 hashihg for shadow passwords.pambase-20080801
Instead of only supporting MD5-hashed passwords, make it possible to use SHA512-hashed passwords, which should be stronger. This requires glibc 2.7 and Linux-PAM 1.0.1. If the SHA512 hasher is not supported by libcrypt, Linux-PAM will fallback to MD5 like before.
-rw-r--r--Makefile4
-rw-r--r--linux-pam-conf6
-rw-r--r--openpam-conf4
3 files changed, 13 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 651b641..229927e 100644
--- a/Makefile
+++ b/Makefile
@@ -44,6 +44,10 @@ ifeq "$(PAM_SSH)" "yes"
PAMFLAGS += -DHAVE_PAM_SSH=1
endif
+ifeq "$(SHA512)" "yes"
+PAMFLAGS += -DWANT_SHA512=1
+endif
+
ifeq "$(DEBUG)" "yes"
PAMFLAGS += -DDEBUG=debug
endif
diff --git a/linux-pam-conf b/linux-pam-conf
index 44087d8..ee34768 100644
--- a/linux-pam-conf
+++ b/linux-pam-conf
@@ -9,7 +9,11 @@
#define SUPPORT_NOLOGIN_ACCOUNT 1
#define SUPPORT_NOLOGIN_AUTH 1
-#define UNIX_EXTENDED_ENCRYPTION md5 shadow
+#if WANT_SHA512
+# define UNIX_EXTENDED_ENCRYPTION sha512 shadow
+#else
+# define UNIX_EXTENDED_ENCRYPTION md5 shadow
+#endif
#define LIKEAUTH likeauth
#define DEBUG_NOLOGIN
diff --git a/openpam-conf b/openpam-conf
index 60debed..a60581b 100644
--- a/openpam-conf
+++ b/openpam-conf
@@ -20,4 +20,8 @@
# define SUPPORT_NOLOGIN_AUTH 1
# endif
+# if defined(WANT_SHA512)
+# error "SHA512 support is not present for FreeBSD!"
+# endif
+
#endif /* __FreeBSD__ */