View previous topic :: View next topic |
Author |
Message |
root_tux_linux l33t
Joined: 21 Dec 2003 Posts: 966
|
Posted: Wed Nov 07, 2012 5:57 am Post subject: Kein Login prompt nach Wechsel von MD5 auf SHA512 [solved] |
|
|
Hi
Seit dem Wechsel von MD5 auf SHA512 hab ich das Problem, dass mir in der Konsole z.B. tty1 kein Loginprompt mehr angezeigt wird.
Bild mit Fehler: http://2blabla.ch/sha512.png
Kann mir jemand sagen wo der Fehler ist?
Und ja die Passwörter wurden alle auf SHA512 migriert also haben auch ein $6$ in /etc/shadow
Die Configs sehen wie folgt aus:
Code: | gentoo ~ # cat /etc/pam.d/system-auth
auth required pam_env.so
auth sufficient pam_ssh.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
account required pam_unix.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
session optional pam_ssh.so
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so |
Code: | gentoo ~ # equery u pambase
[ Legend : U - final flag setting for installation]
[ : I - package is installed with flag ]
[ Colors : set, unset ]
* Found these USE flags for sys-auth/pambase-20120417-r1:
U I
+ + consolekit : Enable pam_ck_connector module on local system logins. This allows for console logins to make use of ConsoleKit authorization.
+ + cracklib : Enable pam_cracklib module on system authentication stack. This produces warnings when changing password to something easily crackable. It requires the same USE flag to be enabled on
sys-libs/pam or system login might be impossible.
- - debug : Enable debug information logging on syslog(3) for all the modules supporting this in the system authentication and system login stacks.
- - gnome-keyring : Enable pam_gnome_keyring module on system login stack. This enables proper Gnome Keyring access to logins, whether they are done with the login shell, a Desktop Manager or a remote login
systems such as SSH.
- - minimal : Disables the standard PAM modules that provide extra information to users on login; this includes pam_tally (and pam_tally2 for Linux PAM 1.1 and later), pam_lastlog, pam_motd and other
similar modules. This might not be a good idea on a multi-user system but could reduce slightly the overhead on single-user non-networked systems.
- - mktemp : Enable pam_mktemp module on system auth stack for session handling. This module creates a private temporary directory for the user, and sets TMP and TMPDIR accordingly.
- - pam_krb5 : Enable pam_krb5 module on system auth stack, as an alternative to pam_unix. If Kerberos authentication succeed, only pam_unix will be ignore, and all the other modules will proceed as
usual, including Gnome Keyring and other session modules. It requires sys-libs/pam as PAM implementation.
+ + pam_ssh : Enable pam_ssh module on system auth stack for authentication and session handling. This module will accept as password the passphrase of a private SSH key (one of ~/.ssh/id_rsa,
~/.ssh/id_dsa or ~/.ssh/identity), and will spawn an ssh-agent instance to cache the open key.
- - passwdqc : Enable pam_passwdqc module on system auth stack for password quality validation. This is an alternative to pam_cracklib producing warnings, rejecting or providing example passwords when
changing your system password. It is used by default by OpenWall GNU/*/Linux and by FreeBSD.
+ + sha512 : Switch Linux-PAM's pam_unix module to use sha512 for passwords hashes rather than MD5. This option requires >=sys-libs/pam-1.0.1 built against >=sys-libs/glibc-2.7, if it's built against an
earlier version, it will silently be ignored, and MD5 hashes will be used. All the passwords changed after this USE flag is enabled will be saved to the shadow file hashed using SHA512
function. The password previously saved will be left untouched. Please note that while SHA512-hashed passwords will still be recognised if the USE flag is removed, the shadow file will not
be compatible with systems using an earlier glibc version.
- - systemd : Use pam_systemd module to register user sessions in the systemd control group hierarchy.
gentoo ~ #
|
Code: | gentoo ~ # cat /etc/login.defs | grep SHA512
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
ENCRYPT_METHOD SHA512
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
gentoo ~ #
|
_________________ Intel Core i7 6700K@4.6GHz, Gigabyte GTX 980 Ti G1, Gigabyte Gaming 7, Hyper X Fury 32GB, 2 TB Samsung EVO 840 Basic
ASUS ROG Swift PG348Q Display
ASUS ROG ASUS G771JW Notebook
Last edited by root_tux_linux on Wed Nov 07, 2012 7:48 am; edited 1 time in total |
|
Back to top |
|
|
root_tux_linux l33t
Joined: 21 Dec 2003 Posts: 966
|
Posted: Wed Nov 07, 2012 7:48 am Post subject: |
|
|
Hat sich erledigt...
Lag nicht SHA512, apache hat sich abgeschossen und danach wurde der Rest garnicht abgearbeitet.
Siehe: * * rc: caught SIGTERM, abortingapache2: caught SIGTERM, aborting _________________ Intel Core i7 6700K@4.6GHz, Gigabyte GTX 980 Ti G1, Gigabyte Gaming 7, Hyper X Fury 32GB, 2 TB Samsung EVO 840 Basic
ASUS ROG Swift PG348Q Display
ASUS ROG ASUS G771JW Notebook |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|