this will hash the password of new users or rehash the password on password changes using 'yescrypt', which is the default in Debian since Bullseye[0].
0: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#pam-default-password Reported-by: Trent W. Buck <trentb...@gmail.com> Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com> --- Notes: requires corresponding pve-common change, but will fallback to previous default sha256 on older pve-common versions by virtue of the new parameter being ignored. src/PVE/Auth/PAM.pm | 2 +- src/PVE/Auth/PVE.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/PVE/Auth/PAM.pm b/src/PVE/Auth/PAM.pm index feabc0b..85c6d12 100755 --- a/src/PVE/Auth/PAM.pm +++ b/src/PVE/Auth/PAM.pm @@ -72,7 +72,7 @@ sub store_password { my $cmd = ['usermod']; - my $epw = PVE::Tools::encrypt_pw($password); + my $epw = PVE::Tools::encrypt_pw($password, 'y'); push @$cmd, '-p', $epw, $username; diff --git a/src/PVE/Auth/PVE.pm b/src/PVE/Auth/PVE.pm index de39d35..f17d716 100755 --- a/src/PVE/Auth/PVE.pm +++ b/src/PVE/Auth/PVE.pm @@ -95,7 +95,7 @@ sub store_password { lock_shadow_config(sub { my $shadow_cfg = cfs_read_file($shadowconfigfile); - my $epw = PVE::Tools::encrypt_pw($password); + my $epw = PVE::Tools::encrypt_pw($password, 'y'); $shadow_cfg->{users}->{$username}->{shadow} = $epw; cfs_write_file($shadowconfigfile, $shadow_cfg); }); -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
