diff options
| author | Björn Esser <besser82@fedoraproject.org> | 2018-11-26 22:33:17 +0100 |
|---|---|---|
| committer | Tomáš Mráz <t8m@users.noreply.github.com> | 2018-11-27 13:29:53 +0100 |
| commit | 86eed7ca01864b9fd17099e57f10f2b9b6b568a1 (patch) | |
| tree | aa81e82644f48122d9e7d1ef4866c7e80dbfcf2d /modules/pam_unix/passverify.h | |
| parent | 396ef3a1c93457fe66391627eb996b920be94fb2 (diff) | |
| download | pam-86eed7ca01864b9fd17099e57f10f2b9b6b568a1.tar.gz pam-86eed7ca01864b9fd17099e57f10f2b9b6b568a1.tar.bz2 pam-86eed7ca01864b9fd17099e57f10f2b9b6b568a1.zip | |
pam_unix: Report unusable hashes found by checksalt to syslog.
libxcrypt can be build-time configured to support (or not support)
various hashing methods. Future versions will also have support for
runtime configuration by the system's vendor and/or administrator.
For that reason adminstrator should be notified by pam if users cannot
log into their account anymore because of such a change in the system's
configuration of libxcrypt.
Also check for malformed hashes, like descrypt hashes starting with
"$2...", which might have been generated by unsafe base64 encoding
functions as used in glibc <= 2.16.
Such hashes are likely to be rejected by many recent implementations
of libcrypt.
* modules/pam_unix/passverify.c (verify_pwd_hash): Report unusable
hashes found by checksalt to syslog.
Diffstat (limited to 'modules/pam_unix/passverify.h')
0 files changed, 0 insertions, 0 deletions