Re: system auth password hashing algorithm can also be required right?

(please indicate if you need someone to push for you) ? not quite sure what you mean, so that's probably a yes... On Tue, Aug 5, 2014 at 6:35 PM, Shawn Wells <shawn(a)redhat.com&gt; wrote: > > On 8/1/14, 4:35 PM, Jeremiah Jahn wrote: >> >> not just sufficient? >> >> diff --git a/shared/oval/set_password_hashing_algorithm_systemauth.xml >> b/shared/oval/set_password_hashing_algorithm_systemauth.xml >> index 8a5525e..2d71e8b 100644 >> --- a/shared/oval/set_password_hashing_algorithm_systemauth.xml >> +++ b/shared/oval/set_password_hashing_algorithm_systemauth.xml >> @@ -20,7 +20,7 @@ >> >> <ind:textfilecontent54_object comment="check /etc/pam.d/system-auth >> for correct settings" id="object_pam_unix_sha512" version="1"> >> <ind:filepath>/etc/pam.d/system-auth</ind:filepath> >> - <ind:pattern operation="pattern >> >> match">^[\s]*password[\s]+sufficient[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern> >> + <ind:pattern operation="pattern >> >> match">^[\s]*password[\s]+(?:(?:required)|(?:sufficient))[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern> >> <ind:instance datatype="int">1</ind:instance> >> </ind:textfilecontent54_object> > > > Yes, absolutely. Ack > > (please indicate if you need someone to push for you) > -- > SCAP Security Guide mailing list > scap-security-guide(a)lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/