12 Jul
2012
12 Jul
'12
1:02 p.m.
On Thu, Jul 12, 2012 at 7:21 AM, C Anthony Risinger <anthony@xtfx.me> wrote:
However PAM, also by design, works in stacks, and thus offers a reasonable solution -- update the `auth` and `password` PAM keys to the new algo (so new passwords are read/written properly) then duplicate the `auth` key, restore the original algo, and change `required` -> `sufficient`). This would accept the old (higher in stack, sufficient) hash until that line was removed.
Are you sure the `auth` part is necessary? As far as I know, pam_unix accepts /all/ hash formats supported by system; the configured hash is only necessary for creating new hashes in `password`. -- Mantas Mikulėnas