Red Hat Bugzilla – Bug 487298
pam_unix uses md5 to store old passwords in opasswd
Last modified: 2016-11-01 11:02:23 EDT
It should use SHA-2 if it is used for /etc/shadow.
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.
More information and reason for this action is here:
As the password saving in pam_unix is considered legacy functionality upstream and the preferred way of handling password history is pam_pwhistory, I don't think it is worth much to enhance pam_unix this way.
Is it a good idea to be leaving this potentially broken functionality in pam_unix rather than removing it or fixing it?
Perhaps update the man page for pam_unix stating that the remember parameter is legacy and pam_pwhistory should be used instead.
The pam_unix manpage already mentions that.
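Added example, not part of the bug thread or of pam_unix itself: a small audit that reports which password-history entries are still stored as MD5-crypt. It assumes the history file uses lines of the form `user:uid:count:hash1,hash2,...` and the standard crypt(3) `$id$` prefixes; the sample data and all function names are constructed for illustration.

```python
# Constructed sample data; on a real host the history file is
# /etc/security/opasswd and is readable by root only.
SAMPLE_OPASSWD = """\
alice:1000:2:$1$abcdefgh$0123456789abcdefghijkl,$6$saltsalt$AAAA
bob:1001:1:$6$saltsalt$BBBB
malformed line without fields
carol:1002:2:$5$saltsalt$CCCC,$1$zzzzzzzz$DDDD
"""

# crypt(3) scheme identifiers (the text between the first two '$').
SCHEMES = {
    "1": "md5", "5": "sha256", "6": "sha512",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt",
}


def scheme_of(stored_hash):
    """Classify one stored hash by its crypt(3) prefix."""
    if not stored_hash.startswith("$"):
        return "des-or-unknown"  # traditional DES crypt has no '$id$' prefix
    parts = stored_hash.split("$")
    ident = parts[1] if len(parts) > 2 else ""
    return SCHEMES.get(ident, "unknown")


def audit_opasswd(text, weak=("md5", "des-or-unknown")):
    """Return (line_number, user, finding) for each weak or unparseable entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":", 3)  # assumed layout: user:uid:count:hashes
        if len(fields) != 4:
            findings.append((lineno, None, "unparseable"))
            continue
        user, _uid, _count, hashes = fields
        for stored in filter(None, hashes.split(",")):
            scheme = scheme_of(stored)
            if scheme in weak:
                findings.append((lineno, user, scheme))
    return findings


if __name__ == "__main__":
    for lineno, user, finding in audit_opasswd(SAMPLE_OPASSWD):
        print(f"line {lineno}: user={user} finding={finding}")
```

Entries flagged here are only re-hashed when the user next changes their password, so stale MD5 history can persist after the module configuration is changed.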