
  • VladimirR

    nagyúr

    For anyone affected, this came in on the hardened mailing list recently:

    As of today =sys-libs/glibc-2.8_p20080602-r1 is available for installation on 'stable' hardened systems. As =sys-libs/glibc-2.8_p20080602-r1 will be compiled against also stable =sys-kernel/linux-headers-2.6.27-r2, it is recommended one first upgrade to a >=sys-kernel/hardened-sources-2.6.27 kernel. Running a <=sys-kernel/*-2.6.27 kernel on a system with =sys-libs/glibc-2.8_p20080602-r1 compiled against =sys-kernel/linux-headers-2.6.27-r2 has not been tested by the Gentoo Hardened team and is not supported.

    Now on to the fun...

    To attain sha512 shadow password hash capability one must:
    1. Upgrade to >=sys-libs/glibc-2.8
    2. Compile (+install) >=sys-libs/pam-1 against >=sys-libs/glibc-2.8
    3. Compile (+install) >=sys-auth/pambase-20081028 with USE="sha512" (enabled by default)

    Any newly created or changed user passwords will now be stored via sha512 hash rather than md5. Be aware, sha512 password hashes are not backward compatible with older glibc/pam.

    Let's find all md5 password hashes:

    # fgrep '$1$' /etc/shadow

    Simply change the password for any listed account to have the password stored via sha512 hash. :)

    Many thanks go to Diego "Flameeyes" Pettenò for maintaining PAM and making
    sha512 shadow password hash capability a reality in Gentoo.

    That is all.

    Gordon Malm (gengor)
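
The md5 search from the message above, extended into a per-account audit. This is an added example, not part of the original post or the Gentoo tooling: it looks only at the hash field, still recognises the scheme on accounts locked with a leading `!`, and also labels `$5$`/`$6$` hashes. The function names and the sample shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Classify the hash scheme of every account in a shadow-format file.
# Usage: shadow_schemes FILE   -> one "user scheme [(locked)]" line per account
shadow_schemes() {
    awk -F: '
    {
        h = $2
        locked = ""
        # A locked account keeps its hash behind a leading "!";
        # strip it so the scheme of the stored hash is still reported.
        if (h ~ /^!+/) { sub(/^!+/, "", h); locked = " (locked)" }
        if (h == "" || h == "*" || h == "x") scheme = "none"
        else if (h ~ /^\$1\$/) scheme = "md5"
        else if (h ~ /^\$5\$/) scheme = "sha256"
        else if (h ~ /^\$6\$/) scheme = "sha512"
        else scheme = "other"
        print $1, scheme locked
    }' "$1"
}

# Accounts whose password still needs to be changed to get a sha512 hash.
md5_accounts() {
    shadow_schemes "$1" | awk '$2 == "md5" { print $1 }'
}

# Constructed sample input (not real hashes), so the block runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:$6$constructedsalt$CONSTRUCTEDSHA512HASH:14200:0:99999:7:::
alice:$1$abcdefgh$CONSTRUCTEDMD5HASH:14000:0:99999:7:::
bob:!$1$ijklmnop$CONSTRUCTEDMD5HASH:14000:0:99999:7:::
daemon:*:14000:0:99999:7:::
carol:!:14000:0:99999:7:::
EOF

shadow_schemes "$sample"
echo "still md5: $(md5_accounts "$sample" | tr '\n' ' ')"
```

On a real system, pass `/etc/shadow` as the file argument while running as root.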
