Rules Related To 'libuser'

Component overview

Relevant packages:

Relevant groups:

None

Changelog:

No changes recorded.

Relevant rules:

Rule details

Set Password Hashing Algorithm in /etc/libuser.conf

set_password_hashing_algorithm_libuserconf

Description

In /etc/libuser.conf, add or correct the following line in its [defaults] section to ensure the system will use the $var_password_hashing_algorithm_pam algorithm for password hashing:

crypt_style = $var_password_hashing_algorithm_pam

Rationale

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Passwords that are encrypted with a weak algorithm are no more protected than if they are kept in plain text.

This setting ensures user and group account administration utilities are configured to store only encrypted representations of passwords. Additionally, the crypt_style configuration option in /etc/libuser.conf ensures the use of a strong hashing algorithm that makes password cracking attacks more difficult.