summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Eggleton <paul.eggleton@linux.intel.com>2013-12-13 14:42:46 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-12-13 14:51:15 +0000
commita9e072f9f0da774411e07abf47dd4bd8c6d685d7 (patch)
tree6f49a6986b80d49f9f0b3971a4958b1658238733
parent15ca756276b8c832cecf223c616c01202d1d6425 (diff)
downloadopenembedded-core-a9e072f9f0da774411e07abf47dd4bd8c6d685d7.tar.gz
shadow: change to use SHA512 password encryption
The default encryption method for shadow is DES, which limits passwords to 8 characters. Not only is this undesirable, it's also not how busybox works so we had different passwd/login length behaviour depending on whether shadow was installed in the image or not. Change it to SHA512 which is what most Linux distributions seem to be using currently. (SHA512 also matches up with how we are configuring PAM.) Fixes [YOCTO #5656]. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-extended/shadow/shadow.inc3
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 33ecc7db40..048709edd2 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -109,6 +109,9 @@ do_install() {
# Disable checking emails.
sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs
+ # Use proper encryption for passwords
+ sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs
+
# Now we don't have a mail system. Disable mail creation for now.
sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd
sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd