Describe the Issue
In #232 a problem was raised because the remember option should not be used with the pam_unix.so module, but tasks 5.5.3 and 5.5.4 do. In PR #240, task 5.5.3 was changed to use the pam_pwhistory.so module. A long comment has also been added to explain why pam_pwhistory.so is used instead of pam_unix.so.
However, task 5.5.4 Ensure password hashing algorithm is SHA-512 still limits password reusability with the pam_unix.so module, even though the task has nothing to do with password reuse.
Expected Behavior
Task 5.5.4 Ensure password hashing algorithm is SHA-512 should only change the hashing algorithm, not limit password reuse.
Actual Behavior
The task 5.5.4 Ensure password hashing algorithm is SHA-512 has 2 tasks:
Set the password hashing algorithm to SHA-512
Limit the password reuse with the pam_unix.so module in /etc/pam.d/password-auth and /etc/pam.d/system-auth.
Thank you for this issue, I can see you are referring to the older benchmark version 2.0.0.
CIS v3.0 was released a while ago.
I have therefore added these fixes to a new locked branch called benchamrk_v2.0.0.
Thank you again for your time regarding this issue. You should find that this fix was merged into devel and is now in the main branch. I will close this issue; please feel free to reopen if this is not resolved as expected.
Control(s) Affected
v8 3.11 Encrypt Sensitive Data at Rest
v7 16.4 Encrypt or Hash all Authentication Credentials
Environment (please complete the following information):
Additional Notes
Possible Solution
Remove the task "5.5.4 | PATCH | Ensure password reuse is limited | pwhistory"
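An added example, not part of the issue thread or the role's own code: a small audit that reads a PAM password stack and reports the condition this issue describes, a pam_unix.so line that still carries remember=, while also confirming that sha512 is set. The sample stack is constructed, and the names parse_pam_line and audit are hypothetical.

```python
# Constructed sample in the style of /etc/pam.d/system-auth (not taken from the role).
SAMPLE = """\
# password stack
password    requisite     pam_pwquality.so try_first_pass local_users_only
password    required      pam_pwhistory.so remember=5 use_authtok
password    sufficient    pam_unix.so sha512 shadow try_first_pass use_authtok remember=5
password    required      pam_deny.so
"""


def parse_pam_line(line):
    """Split one pam.d line into (type, control, module, args); None if not a rule."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 3:
        return None
    ptype = tokens[0].lstrip("-")          # a leading '-' marks an optional module
    end = 1
    if tokens[1].startswith("["):          # bracketed control, e.g. [success=1 default=ignore]
        while end < len(tokens) and not tokens[end].endswith("]"):
            end += 1
    rest = tokens[end + 1:]
    if not rest:
        return None
    module = rest[0].rsplit("/", 1)[-1]    # accept absolute module paths
    return ptype, " ".join(tokens[1:end + 1]), module, rest[1:]


def audit(text):
    """Return (line_number, message) findings for the password stack in text."""
    findings, sha512_seen = [], False
    for number, raw in enumerate(text.splitlines(), 1):
        rule = parse_pam_line(raw)
        if rule is None or rule[0] != "password" or rule[2] != "pam_unix.so":
            continue
        args = rule[3]
        sha512_seen = sha512_seen or "sha512" in args
        if any(arg.startswith("remember=") for arg in args):
            findings.append((number, "pam_unix.so sets remember=; reuse limits belong on pam_pwhistory.so"))
    if not sha512_seen:
        findings.append((0, "no pam_unix.so password line sets sha512"))
    return findings


if __name__ == "__main__":
    for number, message in audit(SAMPLE):
        print(f"line {number}: {message}")
```

Run against the contents of /etc/pam.d/password-auth and /etc/pam.d/system-auth, an empty result means the hashing task left no reuse setting on pam_unix.so.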