From ca9b3f1aab59ef5297590a754c6f616a24d758ee25640133c7110b06a4b0186d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 5 Feb 2013 12:20:33 +0000 Subject: [PATCH] - Cleanup login.defs and enable ENCRYPT_METHOD [bnc#802006] OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=7 --- shadow-login_defs.diff | 41 +++++++++++++++++++++++++++++++++-------- shadow.changes | 5 +++++ shadow.spec | 2 +- 3 files changed, 39 insertions(+), 9 deletions(-) diff --git a/shadow-login_defs.diff b/shadow-login_defs.diff index 6386af4..1de9452 100644 --- a/shadow-login_defs.diff +++ b/shadow-login_defs.diff @@ -1,5 +1,5 @@ --- etc/login.defs -+++ etc/login.defs 2012/11/13 16:30:57 ++++ etc/login.defs 2013/02/05 12:16:54 @@ -1,8 +1,6 @@ # # /etc/login.defs - Configuration control definitions for the shadow package. @@ -260,7 +260,7 @@ # Which fields may be changed by regular users using chfn - use # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. -@@ -277,13 +167,6 @@ +@@ -277,29 +167,6 @@ CHFN_RESTRICT rwh # @@ -271,10 +271,35 @@ -#LOGIN_STRING "%s's Password: " - -# - # Only works if compiled with MD5_CRYPT defined: - # If set to "yes", new passwords will be encrypted using the MD5-based - # algorithm compatible with the one used by recent releases of FreeBSD. -@@ -345,16 +228,12 @@ +-# Only works if compiled with MD5_CRYPT defined: +-# If set to "yes", new passwords will be encrypted using the MD5-based +-# algorithm compatible with the one used by recent releases of FreeBSD. +-# It supports passwords of unlimited length and longer salt strings. +-# Set to "no" if you need to copy encrypted passwords to other systems +-# which don't understand the new algorithm. Default is "no". +-# +-# Note: If you use PAM, it is recommended to use a value consistent with +-# the PAM modules configuration. +-# +-# This variable is deprecated. You should use ENCRYPT_METHOD. +-# +-#MD5_CRYPT_ENAB no +- +-# +-# Only works if compiled with ENCRYPTMETHOD_SELECT defined: + # If set to MD5 , MD5-based algorithm will be used for encrypting password + # If set to SHA256, SHA256-based algorithm will be used for encrypting password + # If set to SHA512, SHA512-based algorithm will be used for encrypting password +@@ -309,7 +176,7 @@ + # Note: If you use PAM, it is recommended to use a value consistent with + # the PAM modules configuration. + # +-#ENCRYPT_METHOD DES ++ENCRYPT_METHOD SHA512 + + # + # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. +@@ -345,16 +212,12 @@ DEFAULT_HOME yes # @@ -293,7 +318,7 @@ #USERDEL_CMD /usr/sbin/userdel_local # -@@ -364,7 +243,7 @@ +@@ -364,7 +227,7 @@ # # This also enables userdel to remove user groups if no members exist. # @@ -302,7 +327,7 @@ # # If set to a non-nul number, the shadow utilities will make sure that -@@ -383,5 +262,41 @@ +@@ -383,5 +246,41 @@ # This option is overridden with the -M or -m flags on the useradd command # line. # diff --git a/shadow.changes b/shadow.changes index 6bb097f..9eaad3d 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Feb 5 13:19:46 CET 2013 - kukuk@suse.de + +- Cleanup login.defs and enable ENCRYPT_METHOD [bnc#802006] + ------------------------------------------------------------------- Tue Nov 13 17:31:50 CET 2012 - kukuk@suse.de diff --git a/shadow.spec b/shadow.spec index d61e1fa..7b0d034 100644 --- a/shadow.spec +++ b/shadow.spec @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed