În data de Lu, 23-01-2012 la 18:08 -0600, C Anthony Risinger a scris: > login.defs is provided by the `shadow` package, not `pam`, and details > these options: > > ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS These options aren't in the Archlinux version of the login.defs file, like I said in my previous message. No ideea why. > ... but it's not clear that the `shadow` option to pam_unix.so honors > these values, only that pam_unix.so will "Try to maintain a shadow > based system", which sounds more like a compatibility statement. I wonder, is there anyone still not using pam? > ... i can't find any literature suggesting sha512 decreases your > security, and no reason to bother switching. both are good solutions. It might be because of the FUD that OpenBSD is the only secure OS, which isn't the case; I think they still don't provide full disk encryption, of any kind. Yeah, kinda off-topic, I know. -- <>< Sorin-Mihai Vârgolici Proud member of Ceata (http://ceata.org/) Arcada developer (https://arcadaproject.org/)