[Pkg-shadow-devel] Bug#657717: login: ENCRYPT_METHOD default should be changed to SHA512
Mario B.
mario.gnudeb at gmail.com
Sat Jan 28 11:01:43 UTC 2012
Package: login
Version: 1:4.1.4.2+svn3283-2+squeeze1
Severity: normal
Hi,
I use a group protected by a password longer than 8 characters, but only the first eight ones are checked when using newgrp or sg. I have checked also user password, but they work as expected.
The problem is the ENCRYPT_METHOD default (DES) for gpasswd in /etc/login.defs. Given that "man login.defs" recommends that ENCRYPT_METHOD is set consistently with the PAM configuration (pam_unix.so obscure sha512 in /etc/pam.d/common-password), I think that the default value for ENCRYPT_METHOD should be changed to SHA512.
Regards
-- System Information:
Debian Release: 6.0.3
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (990, 'stable'), (550, 'testing'), (500, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages login depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libpam-modules 1.1.1-6.1+squeeze1 Pluggable Authentication Modules f
ii libpam-runtime 1.1.1-6.1+squeeze1 Runtime support for the PAM librar
ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l
login recommends no packages.
login suggests no packages.
-- Configuration Files:
/etc/login.defs changed [not included]
/etc/pam.d/login changed [not included]
/etc/securetty [Errno 13] Permission denied: u'/etc/securetty'
-- no debconf information
More information about the Pkg-shadow-devel
mailing list