Mark H Weaver <[email protected]> writes:
> yenda on #guix reported that when typing user passwords, only the first
> 8 characters need to be typed correctly to successfully log in.
>
> DusXMT on #guix mentioned that [GNU/]Linux From Scratch instructs users
> to change "#ENCRYPT_METHOD_DES" to "ENCRYPT_METHOD_SHA512" in
> etc/login.defs:
>
> http://www.linuxfromscratch.org/lfs/view/stable/chapter06/shadow.html
>
> I tried modifying both /etc/login.defs and etc/login.defs in our
> 'shadow' package recipe, and then tried updating my password entry with
> 'passwd' but it still only pays attention to the first 8 characters.
>
> 'strace' reveals that 'passwd' doesn't even look for any file named
> "login.defs".
Yeah, when login using PAM (our case), login.defs is not used.
>
> I'm not sure what's going on here, but it would be good to fix it soon.
It turn out that add a 'sha512' to the argument of password pam entry do
the trick, patch sent :-)
