rpms / pam

Clone
Source Code
GIT

Files

  1.   c22a38cf307ce0a39feadc88f74590c68fbcdfac
  2.   SOURCES
  3.   pam-1.1.5-unix-no-fallback.patch
Blob Blame History Raw 
diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml
--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback	2011-06-21 11:04:56.000000000 +0200
+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml	2012-05-09 11:54:34.442036404 +0200
@@ -265,11 +265,10 @@
         <listitem>
           <para>
             When a user changes their password next,
-            encrypt it with the SHA256 algorithm. If the
-            SHA256 algorithm is not known to the <citerefentry>
+            encrypt it with the SHA256 algorithm. The
+            SHA256 algorithm must be supported by the <citerefentry>
 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-            </citerefentry> function,
-            fall back to MD5.
+            </citerefentry> function.
           </para>
         </listitem>
       </varlistentry>
@@ -280,11 +279,10 @@
         <listitem>
           <para>
             When a user changes their password next,
-            encrypt it with the SHA512 algorithm. If the
-            SHA512 algorithm is not known to the <citerefentry>
+            encrypt it with the SHA512 algorithm. The
+            SHA512 algorithm must be supported by the <citerefentry>
 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-            </citerefentry> function,
-            fall back to MD5.
+            </citerefentry> function.
           </para>
         </listitem>
       </varlistentry>
@@ -295,11 +293,10 @@
         <listitem>
           <para>
             When a user changes their password next,
-            encrypt it with the blowfish algorithm. If the
-            blowfish algorithm is not known to the <citerefentry>
+            encrypt it with the blowfish algorithm. The
+            blowfish algorithm must be supported by the <citerefentry>
 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-            </citerefentry> function,
-            fall back to MD5.
+            </citerefentry> function.
           </para>
         </listitem>
       </varlistentry>
diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.1.5/modules/pam_unix/passverify.c
--- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback	2012-05-09 11:48:12.409632377 +0200
+++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c	2012-05-09 11:48:36.953172291 +0200
@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has
 	if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
 		/* libxcrypt/libc doesn't know the algorithm, use MD5 */
 		pam_syslog(pamh, LOG_ERR,
-			   "Algo %s not supported by the crypto backend, "
-			   "falling back to MD5\n",
+			   "Algo %s not supported by the crypto backend.\n",
 			   on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
 			   on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
 			   on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
 		if(sp) {
 		   memset(sp, '\0', strlen(sp));
 		}
-		return crypt_md5_wrapper(password);
+		return NULL;
 	}
 
 	return x_strdup(sp);

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation