diff options
author | Paul Eggleton <paul.eggleton@linux.intel.com> | 2013-12-13 14:42:46 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-12-13 14:51:15 +0000 |
commit | a9e072f9f0da774411e07abf47dd4bd8c6d685d7 (patch) | |
tree | 6f49a6986b80d49f9f0b3971a4958b1658238733 /meta/recipes-extended/shadow | |
parent | 15ca756276b8c832cecf223c616c01202d1d6425 (diff) | |
download | openembedded-core-contrib-a9e072f9f0da774411e07abf47dd4bd8c6d685d7.tar.gz |
shadow: change to use SHA512 password encryption
The default encryption method for shadow is DES, which limits passwords
to 8 characters. Not only is this undesirable, it's also not how busybox
works so we had different passwd/login length behaviour depending on
whether shadow was installed in the image or not. Change it to SHA512
which is what most Linux distributions seem to be using currently.
(SHA512 also matches up with how we are configuring PAM.)
Fixes [YOCTO #5656].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/shadow')
-rw-r--r-- | meta/recipes-extended/shadow/shadow.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 33ecc7db40c..048709edd2b 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -109,6 +109,9 @@ do_install() { # Disable checking emails. sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs + # Use proper encryption for passwords + sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs + # Now we don't have a mail system. Disable mail creation for now. sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd |