Changeset 195

Timestamp:
06/07/08 08:48:19 (6 months ago)
Author:
slawrence
Message:

Use SHA-512 hashing for storing passwords and update the PAM conf file.

Files:

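--- a/trunk/RHEL5.2/conf/pam/system-auth.pam
+++ b/trunk/RHEL5.2/conf/pam/system-auth.pam
@@ -3,15 +3,21 @@
 # User changes will be destroyed the next time authconfig is run.
 #5 login attempts within 30 seconds.  Locked out for 60 seconds if fail
-auth        required      pam_tally3.so deny=3 deny_interval=30 onerr=fail unlock_time=900 quiet
-
+auth        required      pam_tally3.so deny=3 deny_interval=30 unlock_time=900 onerr=fail quiet
 auth        required      pam_env.so
-auth        required      pam_unix.so nullok try_first_pass audit
+auth        sufficient    pam_unix.so nullok try_first_pass audit
+auth        requisite     pam_succeed_if.so uid >= 500 quiet
+auth        required      pam_deny.so
 
 account     required      pam_unix.so
-account     required      pam_tally3.so
+account     required      pam_tally3.so
+account     sufficient    pam_succeed_if.so uid < 500 quiet
+account     required      pam_permit.so
+
 password    required      pam_cracklib.so try_first_pass retry=3 minlen=12 difok=3 dcredit=-2 ucredit=-2 ocredit=-2 lcredit=-2
-password    required      pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=12
+password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=12
+password    required      pam_deny.so
 
 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
+session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so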
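Review bot: The rewritten `auth sufficient pam_unix.so nullok try_first_pass audit` and `password sufficient pam_unix.so sha512 shadow nullok ...` lines still carry `nullok`, so an account whose shadow password field is empty is accepted, and with the control now `sufficient` that success ends the auth stack. If empty passwords are not intended on this platform, drop the option: `auth        sufficient    pam_unix.so try_first_pass audit` and `password    sufficient    pam_unix.so sha512 shadow try_first_pass use_authtok remember=12`. The same two lines appear in the system-auth heredoc in trunk/RHEL5.2/kickstart/clip.ks. Separately, `sha512` only applies to passwords set after this change; hashes already stored as MD5 stay that way until each password is changed.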
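--- a/trunk/RHEL5.2/kickstart/clip.ks
+++ b/trunk/RHEL5.2/kickstart/clip.ks
@@ -129,5 +129,5 @@
 # Set the authentication options for the system.
 # Similar to the authconfig command.
-auth --enablemd5 --enableshadow
+auth --passalgo=sha512 --enableshadow
 
 # Set the timezone
@@ -359,16 +359,25 @@
 cat <<-EOF > /etc/pam.d/system-auth
 #%PAM-1.0
-auth        required      pam_tally.so deny=3 onerr=fail unlock_time=900 quiet
-
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
+#5 login attempts within 30 seconds.  Locked out for 60 seconds if fail
+auth        required      pam_tally.so deny=3 onerr=fail unlock_time=900 quiet
 auth        required      pam_env.so
-auth        required      pam_unix.so nullok try_first_pass audit
+auth        sufficient    pam_unix.so nullok try_first_pass audit
+auth        requisite     pam_succeed_if.so uid >= 500 quiet
+auth        required      pam_deny.so
 
 account     required      pam_unix.so
-account     required      pam_tally.so
+account     required      pam_tally.so
+account     sufficient    pam_succeed_if.so uid < 500 quiet
+account     required      pam_permit.so
+
 password    required      pam_cracklib.so try_first_pass retry=3 minlen=12 difok=3 dcredit=-2 ucredit=-2 ocredit=-2 lcredit=-2
-password    required      pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=12
+password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=12
+password    required      pam_deny.so
 
 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
+session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so
 EOF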
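Review bot: The comment added at new line 363, `#5 login attempts within 30 seconds.  Locked out for 60 seconds if fail`, does not match the `pam_tally.so deny=3 onerr=fail unlock_time=900 quiet` line directly under it, which sets a threshold of 3, an unlock time of 900 seconds and no interval at all. A comment that mirrors the options would be `# Deny login once failures exceed deny=3; access is allowed again after unlock_time=900 seconds`. The same comment in trunk/RHEL5.2/conf/pam/system-auth.pam is unchanged context there, but it disagrees with that file's `deny=3 ... unlock_time=900` settings as well. An operator reading the comment would expect a much shorter lockout than the stack enforces.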