From 010a16638d1484afca6964168c62fdce8e8c3305 Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Fri, 13 Dec 2013 14:42:46 +0000 Subject: [PATCH] shadow: change to use SHA512 password encryption The default encryption method for shadow is DES, which limits passwords to 8 characters. Not only is this undesirable, it's also not how busybox works so we had different passwd/login length behaviour depending on whether shadow was installed in the image or not. Change it to SHA512 which is what most Linux distributions seem to be using currently. (SHA512 also matches up with how we are configuring PAM.) Fixes [YOCTO #5656]. (From OE-Core rev: a9e072f9f0da774411e07abf47dd4bd8c6d685d7) Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- meta/recipes-extended/shadow/shadow.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 33ecc7d..048709e 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -109,6 +109,9 @@ do_install() { # Disable checking emails. sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs + # Use proper encryption for passwords + sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs + # Now we don't have a mail system. Disable mail creation for now. sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd -- 2.7.4