|
|
b588fa |
diff -up yp-tools-2.12/man/yppasswd.1.in.hash yp-tools-2.12/man/yppasswd.1.in
|
|
|
b588fa |
--- yp-tools-2.12/man/yppasswd.1.in.hash 2011-09-09 16:18:49.469037058 +0200
|
|
|
b588fa |
+++ yp-tools-2.12/man/yppasswd.1.in 2011-09-09 16:20:19.101030930 +0200
|
|
|
b588fa |
@@ -81,6 +81,12 @@ for authentication with the
|
|
|
b588fa |
.BR yppasswdd (8)
|
|
|
b588fa |
daemon. Subsequently, the
|
|
|
b588fa |
program prompts for the updated information:
|
|
|
b588fa |
+.P
|
|
|
b588fa |
+If we use shadowing passwords using passwd.adjunct, SHA-512 will be
|
|
|
b588fa |
+used for hashing a new password by default. If we want to use MD5,
|
|
|
b588fa |
+SHA_256 or older DES, we need to set the environment variable
|
|
|
b588fa |
+YP_PASSWD_HASH. Possible values are "DES", "MD5", "SHA-256" and
|
|
|
b588fa |
+"SHA-512" (value is case-insensitive).
|
|
|
b588fa |
.\"
|
|
|
b588fa |
.\"
|
|
|
b588fa |
.IP "\fByppasswd\fP or \fB-p\fP"
|
|
|
b588fa |
diff -up yp-tools-2.12/src/yppasswd.c.hash yp-tools-2.12/src/yppasswd.c
|
|
|
b588fa |
--- yp-tools-2.12/src/yppasswd.c.hash 2011-09-09 16:20:35.360029823 +0200
|
|
|
b588fa |
+++ yp-tools-2.12/src/yppasswd.c 2011-09-09 16:25:21.589010245 +0200
|
|
|
b588fa |
@@ -514,6 +514,32 @@ create_random_salt (char *salt, int num_
|
|
|
b588fa |
close (fd);
|
|
|
b588fa |
}
|
|
|
b588fa |
|
|
|
b588fa |
+
|
|
|
b588fa |
+/*
|
|
|
b588fa |
+ * Reads environment variable YP_PASSWD_HASH and returns hash id.
|
|
|
b588fa |
+ * Possible values are MD5, SHA-256, SHA-512 and DES.
|
|
|
b588fa |
+ * If other value is set or it is not set at all, SHA-512 is used.
|
|
|
b588fa |
+ */
|
|
|
b588fa |
+static int
|
|
|
b588fa |
+get_env_hash_id()
|
|
|
b588fa |
+{
|
|
|
b588fa |
+ const char *v = getenv("YP_PASSWD_HASH");
|
|
|
b588fa |
+ if (!v)
|
|
|
b588fa |
+ return SHA_512;
|
|
|
b588fa |
+
|
|
|
b588fa |
+ if (!strcasecmp(v, "DES"))
|
|
|
b588fa |
+ return DES;
|
|
|
b588fa |
+
|
|
|
b588fa |
+ if (!strcasecmp(v, "SHA-256"))
|
|
|
b588fa |
+ return SHA_256;
|
|
|
b588fa |
+
|
|
|
b588fa |
+ if (!strcasecmp(v, "MD5"))
|
|
|
b588fa |
+ return MD5;
|
|
|
b588fa |
+
|
|
|
b588fa |
+ return SHA_512;
|
|
|
b588fa |
+}
|
|
|
b588fa |
+
|
|
|
b588fa |
+
|
|
|
b588fa |
int
|
|
|
b588fa |
main (int argc, char **argv)
|
|
|
b588fa |
{
|
|
|
b588fa |
@@ -723,6 +749,15 @@ main (int argc, char **argv)
|
|
|
b588fa |
|
|
|
b588fa |
hash_id = get_hash_id (pwd->pw_passwd);
|
|
|
b588fa |
|
|
|
b588fa |
+ /* If we use passwd.adjunct, there is no magic value like $1$ in the
|
|
|
b588fa |
+ * beginning of password, but ##username instead. Thus, SHA_512 will be
|
|
|
b588fa |
+ * used for hashing a new password by default. If we want to use DES,
|
|
|
b588fa |
+ * MD5 or SHA_256, we need to set the environment variable
|
|
|
b588fa |
+ * YP_PASSWD_HASH (e.g. YP_PASSWD_HASH=DES).
|
|
|
b588fa |
+ */
|
|
|
b588fa |
+ if (strncmp(pwd->pw_passwd, "##", 2) == 0)
|
|
|
b588fa |
+ hash_id = get_env_hash_id();
|
|
|
b588fa |
+
|
|
|
b588fa |
/* Preserve 'rounds=<N>$' (if present) in case of SHA-2 */
|
|
|
b588fa |
if (hash_id == SHA_256 || hash_id == SHA_512)
|
|
|
b588fa |
{
|