Add support for using SHA512 hashihg for shadow passwords.pambase-20080801

Instead of only supporting MD5-hashed passwords, make it possible to
use SHA512-hashed passwords, which should be stronger. This requires
glibc 2.7 and Linux-PAM 1.0.1. If the SHA512 hasher is not supported
by libcrypt, Linux-PAM will fallback to MD5 like before.

3 files changed, 13 insertions, 1 deletions

diff --git a/Makefile b/Makefile
index 651b641..229927e 100644
--- a/Makefile
+++ b/Makefile
@@ -44,6 +44,10 @@ ifeq "$(PAM_SSH)" "yes"
 PAMFLAGS += -DHAVE_PAM_SSH=1
 endif
 
+ifeq "$(SHA512)" "yes"
+PAMFLAGS += -DWANT_SHA512=1
+endif
+
 ifeq "$(DEBUG)" "yes"
 PAMFLAGS += -DDEBUG=debug
 endif
diff --git a/linux-pam-conf b/linux-pam-conf
index 44087d8..ee34768 100644
--- a/linux-pam-conf
+++ b/linux-pam-conf
@@ -9,7 +9,11 @@
 #define SUPPORT_NOLOGIN_ACCOUNT		1
 #define SUPPORT_NOLOGIN_AUTH		1
 
-#define UNIX_EXTENDED_ENCRYPTION md5 shadow
+#if WANT_SHA512
+# define UNIX_EXTENDED_ENCRYPTION	sha512 shadow
+#else
+# define UNIX_EXTENDED_ENCRYPTION	md5 shadow
+#endif
 
 #define LIKEAUTH likeauth
 #define DEBUG_NOLOGIN
diff --git a/openpam-conf b/openpam-conf
index 60debed..a60581b 100644
--- a/openpam-conf
+++ b/openpam-conf
@@ -20,4 +20,8 @@
 #  define SUPPORT_NOLOGIN_AUTH		1
 # endif
 
+# if defined(WANT_SHA512)
+#  error "SHA512 support is not present for FreeBSD!"
+# endif
+
 #endif /* __FreeBSD__ */