-----BEGIN PGP SIGNED MESSAGE-----
Looking again I think it’s talking about sha-512 for other (non-password
hashing) purposes, so nevermind. Can you add this functionality?
Sure… it’s not like Linux changed that much between kernels to make
some common math impossible in 10 where it works in 11, but will it be
supported? That’s probably a different story. Can you enable it with a
weird hack of Yast, or can you only get it to work from the command
line? More good questions. Are you willing to take those risks?
Again, more good questions.
This all started with something about NIS on RHEL. I assume you would
be authenticating to SLES 10 (or any system, 10, 11, or another distro)
just using the NIS setup as a credential store. If that’s the case,
what does SLES support of sha-512 have to do with this? Is it SLES’s
job to sha-512 hash the password, maybe with some salt even, and then
send it across to the server for verification? If there’s a salt, how
does it know what that is? I’m more familiar with LDAP-stye
authentication and most of the systems I’ve seen there send the real
password (securely) to the backend datastore for verification, so they
don’t need to support anything other than SSL to work properly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----