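I am trying to set up PAM / LDAP so that when a logged-in SSH user changes their password with passwd, the password is hashed with SHA1 before the LDAP entry is updated. I have this: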
# /etc/ldap.conf
...
rootbinddn cn=Manager,dc=ourdomain,dc=com
rootpw secret
pam_crypt local
When a user changes their password with passwd, the entry in LDAP looks like this:
{crypt}41H84HEld3
So it comes through as crypt. I'm not sure how to force it to be SHA / SHA1. I tried adding
pam_password sha
to /etc/ldap.conf, and then the password just ended up being stored in LDAP in clear text.
From this source, RHEL | CentOS 5:
Display Current Hashing Algorithm
Type the following command:
# authconfig --test | grep hashing
Sample outputs:
password hashing algorithm is md5
Configure Linux Server To Use The SHA-512
To configure the Linux system to use the SHA-512 algorithm, enter:
# authconfig --passalgo=sha512 --update
Note: users need to change their passwords in order to generate hashes using SHA-512. You can force users to change their password on next login:
# chage -d 0 userName
I haven't tried this (I only have CentOS 4 available), but I hope it helps.
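
To check which storage scheme a password change actually wrote to the directory (the {crypt} and clear-text outcomes described in the question), the following added example, which is not code from the original posts, classifies userPassword values by their {SCHEME} prefix and validates the encoding. The names classify and ssha and every sample value except the {crypt} string quoted in the question are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

DIGEST_LEN = {"SHA": 20, "SSHA": 20, "MD5": 16, "SMD5": 16}  # bytes before any salt
CRYPT_IDS = {"1": "md5", "5": "sha256", "6": "sha512"}  # crypt(3) "$id$" prefixes

def ssha(password, salt):
    """Build a {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def classify(value):
    """Return (scheme, detail) for one userPassword attribute value."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)\Z", value, re.S)
    if m is None:
        return ("cleartext", "no {SCHEME} prefix")
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        if body.startswith("$"):
            ident = body.split("$")[1]
            return ("crypt", CRYPT_IDS.get(ident, "unknown id"))
        if re.fullmatch(r"[./0-9A-Za-z]{13}", body):
            return ("crypt", "des")  # traditional 13-character DES crypt
        return ("crypt", "unrecognised")
    if scheme in DIGEST_LEN:
        try:
            raw = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            return (scheme.lower(), "invalid base64")
        extra = len(raw) - DIGEST_LEN[scheme]  # bytes left over after the digest
        salted = scheme in ("SSHA", "SMD5")
        if extra < 0 or (extra == 0) == salted:
            return (scheme.lower(), "wrong length")
        return (scheme.lower(), "salt=%d bytes" % extra if salted else "unsalted")
    return (scheme.lower(), "unknown scheme")

# Constructed sample values; only the {crypt} one is quoted from the question.
SAMPLES = [
    "{crypt}41H84HEld3",
    "hunter2",
    "{SHA}" + base64.b64encode(hashlib.sha1(b"hunter2").digest()).decode("ascii"),
    ssha(b"hunter2", b"\x01\x02\x03\x04"),
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(classify(v), v)
```

The {crypt} value quoted in the question is 10 characters long, shorter than a 13-character DES crypt string, so it is reported as crypt / unrecognised.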