Re: password algorithm with authconfig vs authselect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Once upon a time, Leon Fauster <leonfauster@xxxxxxxxxxxxxx> said:
> How does the new "way" looks like (>=EL8), to switch the password
> algorithm?

It looks like authselect doesn't support that.

While authconfig tried to be a super-multi-tool that knew how to
configure all the things, I think it got to a point where it was too
difficult to maintain (keeping track of which options were required,
conflicted with each other, etc.).  So authselect instead ships a
pre-set group of config files that have been tested, with some options
in them.

Right now, the password algorithm is always sha512.  I think that could
be turned into what authselect calls a "feature", but I'm not sure
(that'd be a good request for the project, using their project page at
https://github.com/authselect/authselect).  It looks like features might
support only enable/disable, not custom string values.

The "officially correct" way to do that today seems to be to create a
custom profile (which can be based on an existing profile), change the
values, then apply the custom profile.  This seems like a lot to just
set the algorithm, but I'm guessing that at this point, there aren't
many requests to do that (so it isn't a well-supported thing to change).

It looks like something like this might do it:

  authselect create-profile sha256 --base-on=sssd
  sed -i 's/sha512/sha256/g' /etc/authselect/custom/sha256/*
  authselect select custom/sha256

-- 
Chris Adams <linux@xxxxxxxxxxx>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux