În data de Lu, 23-01-2012 la 18:08 -0600, C Anthony Risinger a scris:
login.defs is provided by the `shadow` package, not `pam`, and details these options:
ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS
These options aren't in the Archlinux version of the login.defs file, like I said in my previous message. No ideea why.
... but it's not clear that the `shadow` option to pam_unix.so honors these values, only that pam_unix.so will "Try to maintain a shadow based system", which sounds more like a compatibility statement.
I wonder, is there anyone still not using pam?
... i can't find any literature suggesting sha512 decreases your security, and no reason to bother switching. both are good solutions.
It might be because of the FUD that OpenBSD is the only secure OS, which isn't the case; I think they still don't provide full disk encryption, of any kind.
Yeah, kinda off-topic, I know.