Re: [PATCH] system: Make PAM use SHA-512 to encrypt passwords.

宋文武 Sat, 22 Aug 2015 08:01:18 -0700

宋文武 <iyzs...@gmail.com> writes:

> Fixes <https://bugs.gnu.org/21318>.
>
> * gnu/system/linux.scm (unix-pam-service)[password]: Add 'sha512'
>   to arguments.
> ---
>  gnu/system/linux.scm | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/gnu/system/linux.scm b/gnu/system/linux.scm
> index aaaa8c6..cc2eabe 100644
> --- a/gnu/system/linux.scm
> +++ b/gnu/system/linux.scm
> @@ -148,7 +148,10 @@ should be the name of a file used as the 
> message-of-the-day."
>                            (module "pam_unix.so")
>                            (arguments '("nullok")))
>                           unix)))
> -         (password (list unix))
> +         (password (list (pam-entry
> +                          (control "required")
> +                          (module "pam_unix.so")
> +                          (arguments '("sha512")))))
To store the hashed passwords in '/etc/shadow' (0600) instead of
'/etc/passwd' (0644), we should add 'shadow' to arguments too.
>           (session (if motd
>                        (list unix
>                              (pam-entry
> -- 
> 2.4.3

Re: [PATCH] system: Make PAM use SHA-512 to encrypt passwords.

Reply via email to