Bug 487298 - pam_unix uses md5 to store old passwords in opasswd
pam_unix uses md5 to store old passwords in opasswd
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
: FutureFeature
Depends On:
Blocks: fedora-sha2-pkgs 517000
  Show dependency treegraph
Reported: 2009-02-25 06:41 EST by Miloslav Trmač
Modified: 2016-11-01 11:02 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-11-01 11:02:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Miloslav Trmač 2009-02-25 06:41:06 EST
It should use SHA-2 if it is used for /etc/shadow.
Comment 1 Bug Zapper 2009-06-09 07:38:20 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
Comment 2 Tomas Mraz 2009-08-14 08:53:40 EDT
As the password saving in pam_unix is considered as legacy functionality in upstream and the preferred way of password history handling is pam_pwhistory I don't think it is much worth it to enhance pam_unix this way.
Comment 3 Josh 2013-07-08 12:39:22 EDT
Is it a good idea to be leaving this potentially broken functionality in pam_unix rather than removing it or fixing it?

Perhaps update the man page for pam_unix stating that the remember parameter is legacy and pam_pwhistory should be used instead
Comment 4 Tomas Mraz 2016-11-01 11:02:23 EDT
The pam_unix manpage already mentions that.

Note You need to log in before you can comment on or make changes to this bug.