login.defs: include HMAC_CRYPTO_ALGO key
Include the new HMAC_CRYPTO_ALGO key that is needed by pam_timestamp to select the algorithm that is going to be used to calculate the message authentication code. pam_timestamp is currently using an embedded algorithm to calculate the HMAC message, but the idea is to improve this behaviour by relying on openssl's implementation. On top of that, the ability to change the algorithm with a simple configuration change allows to simplify the process of removing unsecure algorithms. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294
This commit is contained in:
Iker Pedrosa
@@ -467,3 +467,13 @@ USERGROUPS_ENAB yes
|
||||
# Set to "no" to not prevent for any account (dangerous, historical default)
|
||||
|
||||
PREVENT_NO_AUTH superuser
|
||||
|
||||
#
|
||||
# Select the HMAC cryptography algorithm.
|
||||
# Used in pam_timestamp module to calculate the keyed-hash message
|
||||
# authentication code.
|
||||
#
|
||||
# Note: It is recommended to check hmac(3) to see the possible algorithms
|
||||
# that are available in your system.
|
||||
#
|
||||
#HMAC_CRYPTO_ALGO SHA512
|
||||
|
||||
Reference in New Issue
Block a user