authorMartin Weinelt2023-03-12 17:59:01 +0100
committerMartin Weinelt2023-03-13 07:54:27 +0100
commit4472cf44eba4991e46904c588e07dfe8e6fcceb8 (patch)
tree50d184541bb5d1163027a0fbf11303ac95db4681 /nixos
parent909f394f28c637a6d5a269d893b77e095b2812eb (diff)
treewide: Make yescrypt the default algorithm for pam_unix.so
This ensures `passwd` will default to yescrypt for newly generated
passwords.
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/security/pam.nix2
-rw-r--r--nixos/modules/services/x11/display-managers/gdm.nix2
-rw-r--r--nixos/modules/services/x11/display-managers/lightdm.nix2
-rw-r--r--nixos/tests/pam/test_chfn.py2
4 files changed, 4 insertions, 4 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 4224722f8792..d57dec36c328 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -620,7 +620,7 @@ let
           optionalString config.services.homed.enable ''
             password sufficient ${config.systemd.package}/lib/security/pam_systemd_home.so
           '' + ''
-            password sufficient pam_unix.so nullok sha512
+            password sufficient pam_unix.so nullok yescrypt
           '' +
           optionalString config.security.pam.enableEcryptfs ''
             password optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so
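Review bot: The hash algorithm is a bare literal inside the rendered `password sufficient pam_unix.so nullok yescrypt` line, and the same literal is repeated in the gdm.nix and lightdm.nix hunks, so the three copies can drift apart on the next change. A single shared binding interpolated into all three lines would keep them in step. A comment above this line should also say that the setting only affects passwords changed from now on, and that existing sha512 entries in the shadow file stay valid until each user changes their password. No `rounds=` argument is passed, so the yescrypt cost factor is presumably pam_unix's default; it is worth stating whether that is intended. The enclosing `let` binding starts outside the hunk.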
diff --git a/nixos/modules/services/x11/display-managers/gdm.nix b/nixos/modules/services/x11/display-managers/gdm.nix
index 1c3881bef2de..f8f82bda3fa4 100644
--- a/nixos/modules/services/x11/display-managers/gdm.nix
+++ b/nixos/modules/services/x11/display-managers/gdm.nix
@@ -323,7 +323,7 @@ in
 
         account   sufficient    pam_unix.so
 
-        password  requisite     pam_unix.so nullok sha512
+        password  requisite     pam_unix.so nullok yescrypt
 
         session   optional      pam_keyinit.so revoke
         session   include       login
diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix
index 65f414705fc5..548d3c5bc46a 100644
--- a/nixos/modules/services/x11/display-managers/lightdm.nix
+++ b/nixos/modules/services/x11/display-managers/lightdm.nix
@@ -302,7 +302,7 @@ in
 
         account   sufficient    pam_unix.so
 
-        password  requisite     pam_unix.so nullok sha512
+        password  requisite     pam_unix.so nullok yescrypt
 
         session   optional      pam_keyinit.so revoke
         session   include       login
diff --git a/nixos/tests/pam/test_chfn.py b/nixos/tests/pam/test_chfn.py
index b108a9423caf..a48438b8d305 100644
--- a/nixos/tests/pam/test_chfn.py
+++ b/nixos/tests/pam/test_chfn.py
@@ -8,7 +8,7 @@ expected_lines = {
     "auth sufficient pam_rootok.so",
     "auth sufficient pam_unix.so   likeauth try_first_pass",
     "password sufficient @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass",
-    "password sufficient pam_unix.so nullok sha512",
+    "password sufficient pam_unix.so nullok yescrypt",
     "session optional @@pam_krb5@@/lib/security/pam_krb5.so",
     "session required pam_env.so conffile=/etc/pam/environment readenv=0",
     "session required pam_unix.so",
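Review bot: The updated entry in `expected_lines` only pins the rendered PAM text, so it would still pass if pam_unix produced a different hash type at runtime. pam_unix(8) documents a fall back to MD5 when crypt(3) does not know the requested algorithm, which a text comparison cannot detect. A VM-level assertion that a password set with `passwd` yields a shadow field starting with `$y$` would cover the behaviour this commit is after; it probably belongs in a separate test rather than this chfn file. The `expected_lines` set starts and ends outside the hunk.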