LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

shadow: change default encryption method from DES to SHA512 

Busybox in default uses SHA512 as well.

On big ditribution this default is sourced from PAM. That means that
shadow reads pam settings and uses that. OpenWrt in most cases does not
have PAM installed and in such case shadow fallbacks to its own default
which is DES. This just changes that default to SHA512 which is
consistent with rest of the system.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
lilik-openwrt-22.03
Karel Kočí 6 years ago
parent
dde503da13
commit
f27ce05a58
No known key found for this signature in database GPG Key ID: D83BD732AC2BD828
2 changed files with 12 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      utils/shadow/Makefile
  2. +11
    -0
      utils/shadow/patches/005-set-encrypt-method-sha512.patch

+ 1
- 1
utils/shadow/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=shadow
PKG_VERSION:=4.6
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/shadow-maint/shadow/releases/download/$(PKG_VERSION)


+ 11
- 0
utils/shadow/patches/005-set-encrypt-method-sha512.patch View File

@ -0,0 +1,11 @@
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -317,7 +317,7 @@ CHFN_RESTRICT rwh
# Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
#
-#ENCRYPT_METHOD DES
+ENCRYPT_METHOD SHA512
#
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.

Write Preview
Loading…
Cancel
Save