Off-topic: rounds
Tomas Mraz
tmraz at redhat.com
Tue Nov 6 12:24:00 UTC 2012
On Tue, 2012-11-06 at 11:53 +0000, Moray Henderson wrote:
> Sorry for the off-topic question: this is the only security-type list I'm a
> member of. Please point me to a better place to ask if there is one. I've
> just been looking at the 'rounds' options for sha512 password hashing.
>
> According to the man pages, you can set rounds options in: 1)
> /etc/libuser.conf 2) pam_unix 3) /etc/login.defs. Now I'm confused: is
> this really 3 different places to set the same thing? Do they all need to
> be set? Which is used under what circumstances? What happens if they are
> set differently?
This is really off-topic here, but yes, you need to set them at all of
the 3 places if you want them to be consistently applied across the
various tools. If you are interested just in setting the rounds for
password changes via passwd command and due to expiration on login, you
can just set the value in PAM configuration in the pam_unix arguments.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the selinux
mailing list