You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
70 lines
3.0 KiB
70 lines
3.0 KiB
7 years ago
|
diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml
|
||
|
--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback 2011-06-21 11:04:56.000000000 +0200
|
||
|
+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml 2012-05-09 11:54:34.442036404 +0200
|
||
|
@@ -265,11 +265,10 @@
|
||
|
<listitem>
|
||
|
<para>
|
||
|
When a user changes their password next,
|
||
|
- encrypt it with the SHA256 algorithm. If the
|
||
|
- SHA256 algorithm is not known to the <citerefentry>
|
||
|
+ encrypt it with the SHA256 algorithm. The
|
||
|
+ SHA256 algorithm must be supported by the <citerefentry>
|
||
|
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
||
|
- </citerefentry> function,
|
||
|
- fall back to MD5.
|
||
|
+ </citerefentry> function.
|
||
|
</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
@@ -280,11 +279,10 @@
|
||
|
<listitem>
|
||
|
<para>
|
||
|
When a user changes their password next,
|
||
|
- encrypt it with the SHA512 algorithm. If the
|
||
|
- SHA512 algorithm is not known to the <citerefentry>
|
||
|
+ encrypt it with the SHA512 algorithm. The
|
||
|
+ SHA512 algorithm must be supported by the <citerefentry>
|
||
|
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
||
|
- </citerefentry> function,
|
||
|
- fall back to MD5.
|
||
|
+ </citerefentry> function.
|
||
|
</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
@@ -295,11 +293,10 @@
|
||
|
<listitem>
|
||
|
<para>
|
||
|
When a user changes their password next,
|
||
|
- encrypt it with the blowfish algorithm. If the
|
||
|
- blowfish algorithm is not known to the <citerefentry>
|
||
|
+ encrypt it with the blowfish algorithm. The
|
||
|
+ blowfish algorithm must be supported by the <citerefentry>
|
||
|
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
||
|
- </citerefentry> function,
|
||
|
- fall back to MD5.
|
||
|
+ </citerefentry> function.
|
||
|
</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.1.5/modules/pam_unix/passverify.c
|
||
|
--- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback 2012-05-09 11:48:12.409632377 +0200
|
||
|
+++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c 2012-05-09 11:48:36.953172291 +0200
|
||
|
@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has
|
||
|
if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
|
||
|
/* libxcrypt/libc doesn't know the algorithm, use MD5 */
|
||
|
pam_syslog(pamh, LOG_ERR,
|
||
|
- "Algo %s not supported by the crypto backend, "
|
||
|
- "falling back to MD5\n",
|
||
|
+ "Algo %s not supported by the crypto backend.\n",
|
||
|
on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
|
||
|
on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
|
||
|
on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
|
||
|
if(sp) {
|
||
|
memset(sp, '\0', strlen(sp));
|
||
|
}
|
||
|
- return crypt_md5_wrapper(password);
|
||
|
+ return NULL;
|
||
|
}
|
||
|
|
||
|
return x_strdup(sp);
|