[relnotes] [Fedora Project Wiki] Update of "Docs/Beats/Security" by MurrayMcAllister
fedorawiki-noreply at fedoraproject.org
fedorawiki-noreply at fedoraproject.org
Sat Mar 15 05:27:42 UTC 2008
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Fedora Project Wiki" for change notification.
The following page has been changed by MurrayMcAllister:
http://fedoraproject.org/wiki/Docs/Beats/Security?action=diff&rev2=44&rev1=43
The comment on the change is:
editorial pass on new content added after f8 release...
------------------------------------------------------------------------------
=== Security Enhancements ===
- * Fedora continues to improve its many proactive [http://fedoraproject.org/wiki/Security/Features security features].
+ Fedora continues to improve its many proactive [http://fedoraproject.org/wiki/Security/Features security features]:
- * The `glibc` package in Fedora 8 had [http://people.redhat.com/drepper/sha-crypt.html support] for passwords using SHA256 and SHA512 hashing. Before only DES and MD5 were available. The tools have now been extended in Fedora 9. Password hashing using the SHA-256 and SHA-512 hash functions is now supported.
+ * The `glibc` package in Fedora 8 had [http://people.redhat.com/drepper/sha-crypt.html support] for passwords using SHA256 and SHA512 hashing. Previously, only DES and MD5 were available. The tools have now been extended in Fedora 9. Password hashing using the SHA-256 and SHA-512 hash functions is now supported.
- To switch to SHA-256 or SHA-512 on an installed system, use `authconfig --passalgo=sha256 --update` or `authconfig --passalgo=sha512 --update`. You can also configure the hashing method in a GUI using `authconfig-gtk`. Existing user accounts won't be affected until their passwords are changed.
+ To switch to SHA-256 or SHA-512 on an installed system, use {{{authconfig --passalgo=sha256 --update}}} or {{{authconfig --passalgo=sha512 --update}}}. Alternatively, use the {{{authconfig-gtk}}} GUI tool to configure the hashing method. Existing user accounts will not be affected until their passwords are changed.
- SHA-512 is used by default on newly installed systems. Other algorithms can be configured only for kickstart installations, by using the `--passalgo` or `--enablemd5` options of the kickstart command `auth`. If your installation does not use kickstart, use `authconfig` as described above, then change the `root` password and passwords of any other users created after installation.
+ SHA-512 is used by default on newly installed systems. Other algorithms can be configured only for kickstart installations, by using the `--passalgo` or `--enablemd5` options for the kickstart `auth` command. If your installation does not use kickstart, use `authconfig` as described above, and then change the `root` password, and passwords for other users created after installation.
- New options were added to `libuser`, `pam` and `shadow-utils` to support these password hashing algorithms. `authconfig` configures all these options automatically, so it is usually not necessary to modify them manually.
+ New options were added to `libuser`, `pam`, and `shadow-utils`, to support these password hashing algorithms. Running {{{authconfig}}} configures all these options automatically, so it is not necessary to modify.
+ * New values for the `crypt_style` option, and the new options `hash_rounds_min`, and `hash_rounds_max`, are now supported in the `[defaults]` section of `/etc/libuser.conf`. Refer to the `libuser.conf(5)` man page for details.
- * New values of the `crypt_style` option and new options `hash_rounds_min` and `hash_rounds_max` are now supported in the
- `[defaults]` section of `/etc/libuser.conf`. Refer `libuser.conf(5)` for more details.
- * New options `sha256`, `sha512` and `rounds` are now supported by the `pam_unix` PAM module. Refer `pam_unix(8)`for more details.
+ * New options `sha256`, `sha512`, and `rounds`, are now supported by the `pam_unix` PAM module. Refer to the `pam_unix(8)` man page for details.
- * New options `ENCRYPT_METHOD`, `SHA_CRYPT_MIN_ROUNDS` and `SHA_CRYPT_MAX_ROUNDS` are now supported in `/etc/login.defs`. Refer `login.defs(5)` for more details. Corresponding options were added to `chpasswd(8)` and `newusers(8)`.
+ * New options `ENCRYPT_METHOD`, `SHA_CRYPT_MIN_ROUNDS`, and `SHA_CRYPT_MAX_ROUNDS`, are now supported in `/etc/login.defs`. Refer to the `login.defs(5)` man page for details. Corresponding options were added to `chpasswd(8)` and `newusers(8)`.
=== General Information ===
More information about the Fedora-relnotes-content
mailing list