From 5ffd4b654b121768765eeb1c0aa560e2dd005fd3 Mon Sep 17 00:00:00 2001 From: Marco Rodrigues Date: Thu, 28 Apr 2016 13:31:11 +0200 Subject: [PATCH] MD5 not secure. Now it should be SHA512 by default --- manifests/init.pp | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index c9a1fea..296328f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -148,7 +148,7 @@ $nis = false, $nisdomain = undef, $nisserver = undef, - $passalgo = 'md5', + $passalgo = 'sha512', $shadow = true, $krb5 = false, $krb5realm = undef, @@ -281,12 +281,6 @@ $nisserver_val = "--nisserver=${nisserver}" } - # MD5 - $md5_flg = $passalgo ? { - 'md5' => '--enablemd5', - default => '--disablemd5', - } - # hash/crypt algorithm for new passwords if $passalgo { $passalgo_val = "--passalgo=${passalgo}" @@ -482,7 +476,7 @@ $extra_flags = "${preferdns_flg} ${forcelegacy_flg} ${pamaccess_flg}" - $pass_flags = "${md5_flg} ${passalgo_val} ${shadow_flg}" + $pass_flags = "${passalgo_val} ${shadow_flg}" $authconfig_flags = "${ldap_flags} ${nis_flags} ${pass_flags} ${krb5_flags} ${winbind_flags} ${extra_flags} ${cache_flg} ${mkhomedir_flg} ${sssd_flg} ${sssdauth_flg} ${rfc2307bis_flg} ${locauthorize_flg} ${sysnetauth_flg} ${smartcard_flags}" $authconfig_update_cmd = "authconfig ${authconfig_flags} --updateall" $authconfig_test_cmd = "authconfig ${authconfig_flags} --test"