Új hozzászólás Aktív témák

• #3387 VladimirR nagyúr

  Új Válasz 2009-03-22 20:31:59 #3387

  Új hozzászólás

  Összes hozzászólása itt Válaszok az összes hozzászólására itt Válaszok erre a hozzászólásra

  

  VladimirR

  nagyúr

  akit erint, ez nemreg jott hardened levlist-en:

  As of today =sys-libs/glibc-2.8_p20080602-r1 is available for installation on 'stable' hardened systems. As =sys-libs/glibc-2.8_p20080602-r1 will be compiled against also stable =sys-kernel/linux-headers-2.6.27-r2, it is recommended one first upgrade to a >=sys-kernel/hardened-sources-2.6.27
  kernel. Running a <=sys-kernel/*-2.6.27 kernel on a system with
  =sys-libs/glibc-2.8_p20080602-r1 compiled against
  =sys-kernel/linux-headers-2.6.27-r2 has not be tested by the Gentoo Hardened team and is not supported.

  Now on to the fun...

  To attain sha512 shadow password hash capability one must:
  1. Upgrade to >=sys-libs/glibc-2.8
  2. Compile (+install) >=sys-libs/pam-1 against >=sys-libs/glibc-2.8 3. Compile (+install) >=sys-auth/pambase-20081028 with USE="sha512" (enabled by default)

  Any newly created or changed user passwords will now be stored via sha512 hash rather than md5. Be aware, sha512 password hashes are not backward compatible with older glibc/pam.

  Let's find all md5 password hashes:

  # fgrep '$1$' /etc/shadow

  Simply change the password for any listed account to have the password stored via sha512 hash.

  Many thanks go to Diego "Flameeyes" Pettenò for maintaining PAM and making
  sha512 shadow password hash capability a reality in Gentoo.

  That is all.

  Gordon Malm (gengor)

Új hozzászólás Aktív témák