Cloud image user passwords encrypted by md5 by default?
Colin Walters
walters at verbum.org
Sat Aug 1 13:41:15 UTC 2015
On Sat, Aug 1, 2015, at 01:34 AM, Sitsofe Wheeler wrote:
>
> The regular Fedora 22 default for password encryption seems to be
> SHA512 but I couldn't turn anything up as to why cloud images had made
> this change. Could some explain why MD5 is used?
This was just fixed:
https://git.fedorahosted.org/cgit/spin-kickstarts.git/commit/?id=9f254062c3c78d8480b04b340c1497c08126c0ca
There was nothing intentional here, but what we're fighting is the legacy defaults for
auth in Anaconda, requiring every kickstart user to override them to enable shadow passwords
and sha512.
Confusingly, Anaconda has defaults that apply *only* when used interactively:
https://github.com/rhinstaller/anaconda/blob/master/data/interactive-defaults.ks#L3
Currently then, media installs have stronger defaults than kickstart, unless overridden
explicitly by kickstart.
More information about the cloud
mailing list