[Pkg-shadow-devel] redhat patches
Nicolas François
nicolas.francois at centraliens.net
Sat Nov 24 13:16:35 UTC 2007
Hello,
On Thu, Nov 15, 2007 at 03:02:12PM +0100, pvrabec at redhat.com wrote:
> On Thursday 15 November 2007 01:15:58 am Nicolas François wrote:
> > 2 How does your patch behaves with an old libc?
> > The configure script will need an option and maybe a detection script.
>
> you are right, we need to check glibc in configure.
I added a protection mechanism in lib/encrypt.c to make sure that if
SHA256 is requested, and if crypt returns a DES password, the passwords
are not changed.
(tested on glibc 2.6)
I added a --with-sha-crypt configure option , which I think is safe to
always enable. Disabling it will disable the SHA256 and SHA512
algorithms, but also remove them from the documentation (manuals and usage
strings), which may be interesting if you know your system will never
support the SHA password encryption algorithms.
BTW, I also removed the macro ENCRYPTMETHOD_SELECT (ENCRYPT_METHOD is
always supported in login.defs), and added USE_SHA_CRYPT to only disable
the SHA sections (this mostly matches with the ENCRYPTMETHOD_SELECT
sections).
Best Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list