|
 |
5c721c |
diff -up Linux-PAM-1.2.0/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.2.0/modules/pam_unix/pam_unix.8.xml
|
|
|
5c721c |
--- Linux-PAM-1.2.0/modules/pam_unix/pam_unix.8.xml.no-fallback 2015-04-27 16:38:03.000000000 +0200
|
|
|
5c721c |
+++ Linux-PAM-1.2.0/modules/pam_unix/pam_unix.8.xml 2015-05-15 15:54:21.524440864 +0200
|
|
|
5c721c |
@@ -284,11 +284,10 @@
|
|
|
5c721c |
<listitem>
|
|
|
5c721c |
<para>
|
|
|
5c721c |
When a user changes their password next,
|
|
|
5c721c |
- encrypt it with the SHA256 algorithm. If the
|
|
|
5c721c |
- SHA256 algorithm is not known to the <citerefentry>
|
|
|
5c721c |
+ encrypt it with the SHA256 algorithm. The
|
|
|
5c721c |
+ SHA256 algorithm must be supported by the <citerefentry>
|
|
|
5c721c |
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
|
|
5c721c |
- </citerefentry> function,
|
|
|
5c721c |
- fall back to MD5.
|
|
|
5c721c |
+ </citerefentry> function.
|
|
|
5c721c |
</para>
|
|
|
5c721c |
</listitem>
|
|
|
5c721c |
</varlistentry>
|
|
|
5c721c |
@@ -299,11 +298,10 @@
|
|
|
5c721c |
<listitem>
|
|
|
5c721c |
<para>
|
|
|
5c721c |
When a user changes their password next,
|
|
|
5c721c |
- encrypt it with the SHA512 algorithm. If the
|
|
|
5c721c |
- SHA512 algorithm is not known to the <citerefentry>
|
|
|
5c721c |
+ encrypt it with the SHA512 algorithm. The
|
|
|
5c721c |
+ SHA512 algorithm must be supported by the <citerefentry>
|
|
|
5c721c |
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
|
|
5c721c |
- </citerefentry> function,
|
|
|
5c721c |
- fall back to MD5.
|
|
|
5c721c |
+ </citerefentry> function.
|
|
|
5c721c |
</para>
|
|
|
5c721c |
</listitem>
|
|
|
5c721c |
</varlistentry>
|
|
|
5c721c |
@@ -314,11 +312,10 @@
|
|
|
5c721c |
<listitem>
|
|
|
5c721c |
<para>
|
|
|
5c721c |
When a user changes their password next,
|
|
|
5c721c |
- encrypt it with the blowfish algorithm. If the
|
|
|
5c721c |
- blowfish algorithm is not known to the <citerefentry>
|
|
|
5c721c |
+ encrypt it with the blowfish algorithm. The
|
|
|
5c721c |
+ blowfish algorithm must be supported by the <citerefentry>
|
|
|
5c721c |
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
|
|
|
5c721c |
- </citerefentry> function,
|
|
|
5c721c |
- fall back to MD5.
|
|
|
5c721c |
+ </citerefentry> function.
|
|
|
5c721c |
</para>
|
|
|
5c721c |
</listitem>
|
|
|
5c721c |
</varlistentry>
|
|
|
5c721c |
diff -up Linux-PAM-1.2.0/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.2.0/modules/pam_unix/passverify.c
|
|
|
5c721c |
--- Linux-PAM-1.2.0/modules/pam_unix/passverify.c.no-fallback 2015-05-15 15:54:21.525440887 +0200
|
|
|
5c721c |
+++ Linux-PAM-1.2.0/modules/pam_unix/passverify.c 2015-05-15 15:57:23.138613273 +0200
|
|
|
5c721c |
@@ -437,10 +437,9 @@ PAMH_ARG_DECL(char * create_password_has
|
|
|
5c721c |
sp = crypt(password, salt);
|
|
|
5c721c |
#endif
|
|
|
5c721c |
if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
|
|
|
5c721c |
- /* libxcrypt/libc doesn't know the algorithm, use MD5 */
|
|
|
5c721c |
+ /* libxcrypt/libc doesn't know the algorithm, error out */
|
|
|
5c721c |
pam_syslog(pamh, LOG_ERR,
|
|
|
5c721c |
- "Algo %s not supported by the crypto backend, "
|
|
|
5c721c |
- "falling back to MD5\n",
|
|
|
5c721c |
+ "Algo %s not supported by the crypto backend.\n",
|
|
|
5c721c |
on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
|
|
|
5c721c |
on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
|
|
|
5c721c |
on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
|
|
|
5c721c |
@@ -450,7 +449,7 @@ PAMH_ARG_DECL(char * create_password_has
|
|
|
5c721c |
#ifdef HAVE_CRYPT_R
|
|
|
5c721c |
free(cdata);
|
|
|
5c721c |
#endif
|
|
|
5c721c |
- return crypt_md5_wrapper(password);
|
|
|
5c721c |
+ return NULL;
|
|
|
5c721c |
}
|
|
|
5c721c |
sp = x_strdup(sp);
|
|
|
5c721c |
#ifdef HAVE_CRYPT_R
|