[arch-general] Upgrading password hashes

Mantas Mikulėnas grawity at gmail.com
Thu Jul 12 09:02:07 EDT 2012

On Thu, Jul 12, 2012 at 7:21 AM, C Anthony Risinger <anthony at xtfx.me> wrote:
> However PAM, also by design, works in stacks, and thus offers a reasonable
> solution -- update the `auth` and `password` PAM keys to the new algo (so
> new passwords are read/written properly) then duplicate the `auth` key,
> restore the original algo, and change `required` -> `sufficient`).  This
> would accept the old (higher in stack, sufficient) hash until that line was
> removed.

Are you sure the `auth` part is necessary? As far as I know, pam_unix
accepts /all/ hash formats supported by system; the configured hash is
only necessary for creating new hashes in `password`.

Mantas Mikulėnas

More information about the arch-general mailing list