[linux-pam] #54: Make strings used on login screen user-friendly
by fedora-badges
#54: Make strings used on login screen user-friendly
--------------------------+------------------------------
Reporter: catanzaro | Owner: pam-developers@…
Type: enhancement | Status: new
Priority: minor | Component: modules
Version: 1.2.x | Keywords:
Blocked By: | Blocking:
--------------------------+------------------------------
Hi,
For Fedora Workstation we would like to make some changes to strings in
Linux-PAM that appear on the login screen, to make the user experience a
bit more simple. Some of these strings contain technical terminology that
we'd like to remove:
"You are required to change your password immediately (root enforced)."
The problem with this string is that we expect users do not understand
what a root account is.
"(current) UNIX password:" "Enter new UNIX password:" "Retype new UNIX
password:" The problem with these strings is that we do not expect users
to understand what UNIX is. A user might become confused as to how a UNIX
password differs from a normal password, and not realize they are the same
thing.
At first I thought we might want to add an opt-in configuration setting to
tell PAM to avoid technical terminology in its prompts, in order to avoid
changing the strings sent to command-line applications like passwd (where
the user is expected to understand concepts like UNIX and root), but since
the required changes are so simple, I think it's probably best to avoid
this...?
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/54>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
8 years
[linux-pam] #46: Fix build with musl libc
by fedora-badges
#46: Fix build with musl libc
----------------------+------------------------------
Reporter: yousong | Owner: pam-developers@…
Type: defect | Status: new
Priority: major | Component: library
Version: | Keywords:
Blocked By: | Blocking:
----------------------+------------------------------
Hi, patch files in the attachments are produced when building libpam
within OpenWrt. Not long ago, OpenWrt switched to musl as the default
libc which is relatively and different from other implementations, e.g.
crypt() function is part of musl-libc itself, many old functions are
dropped from the implementation, etc.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/46>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
8 years
[linux-pam] #53: pam_lastlog should have option to resolve hostname
by fedora-badges
#53: pam_lastlog should have option to resolve hostname
--------------------------+------------------------------
Reporter: chowbok | Owner: pam-developers@…
Type: enhancement | Status: new
Priority: trivial | Component: modules
Version: 1.2.x | Keywords:
Blocked By: | Blocking:
--------------------------+------------------------------
pam_lastlog should be able to report what host the user last logged in
from, not just the IP. It would be very cool if this could be added as an
option.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/53>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
8 years
Add option to ignore password expiration in pam_unix
by Tomas Mraz
Hello,
OpenSSH sshd calls (correctly) pam_acct_mgmt even for authentication
methods that do not involve user passwords. The attached patch allows
pam_unix to optionally ignore the password expiration. What do you
think about it? Would it be OK to commit if I provide also
documentation of the no_pass_expiry option?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
8 years, 2 months
Raise salt length for the sha2 password hashes
by Tomas Mraz
Hello,
currently pam_unix hardcodes the new salt length when password is
changed to be 8 characters - this makes it due to the limitation to 64
only possible characters to be 48 bits long. This is slightly lower than
can be considered as long enough for any paranoid. I propose to make it
12 characters which should satisfy any paranoid person as rainbow tables
of 2^72 hashes for each tested password can hardly be created in the
foreseeable future.
Or do you think that the current salt length should be sufficient and
stay as is?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
8 years, 2 months
