-rw-r--r-- | chapter08/shadow.xml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/chapter08/shadow.xml b/chapter08/shadow.xml
index 83c8f6ec9..93d1f3f7e 100644
--- a/chapter08/shadow.xml
+++ b/chapter08/shadow.xml
@@ -62,7 +62,9 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;</userinput></s
 <para id="shadow-login_defs">Instead of using the default <emphasis>crypt</emphasis> method, use the more secure <emphasis>SHA-512</emphasis> method of password encryption, which also
- allows passwords longer than 8 characters. It is also necessary to change
+ allows passwords longer than 8 characters. In addition, set the number of
+ rounds to 500,000 instead of the default 5000, which is much too low to
+ prevent brute force password attacks. It is also necessary to change
 the obsolete <filename class="directory">/var/spool/mail</filename> location for user mailboxes that Shadow uses by default to the <filename class="directory">/var/mail</filename> location used currently. And,
@@ -80,6 +82,7 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;</userinput></s
 </note> <screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD SHA512:' \
+ -e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\100@' \
 -e 's:/var/spool/mail:/var/mail:' \
 -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \
 -i etc/login.defs</userinput></screen> |
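Review bot: The added expression `-e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\100@'` in the second hunk only takes effect while `etc/login.defs` still carries the commented `SHA_CRYPT_MIN_ROUNDS` and `SHA_CRYPT_MAX_ROUNDS` lines with exactly the value 5000; if a later Shadow release changes that default or its spacing, sed exits successfully without changing anything and the system is built with the low round count the text warns about. A check after the command, such as `grep -E '^SHA_CRYPT_(MIN|MAX)_ROUNDS 500000' etc/login.defs`, would make that failure visible to the reader. The replacement `\100` is easy to misread as a three-digit escape, and `s@#\(SHA_CRYPT_..._ROUNDS\) 5000@\1 500000@` gives the same result with the target value spelled out. In the first hunk, "prevent brute force password attacks" overstates the effect: a higher round count raises the cost of each offline guess against a stolen hash but does not protect a weak password, so "slow down" would be more accurate.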