nixos/doc/rl-2211: add entry for libxcrypt migration
This commit is contained in:
parent
e81b0cec91
commit
b937bf637f
2 changed files with 63 additions and 0 deletions
|
@ -11,6 +11,62 @@
|
|||
includes the following highlights:
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
Software that uses the <literal>crypt</literal> password
|
||||
hashing API is now using the implementation provided by
|
||||
<link xlink:href="https://github.com/besser82/libxcrypt"><literal>libxcrypt</literal></link>
|
||||
instead of glibc’s, which enables support for more secure
|
||||
algorithms.
|
||||
</para>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
Support for algorithms that <literal>libxcrypt</literal>
|
||||
<link xlink:href="https://github.com/besser82/libxcrypt/blob/v4.4.28/lib/hashes.conf#L41">does
|
||||
not consider strong</link> are
|
||||
<emphasis role="strong">deprecated</emphasis> as of this
|
||||
release, and will be removed in NixOS 23.05.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
This includes system login passwords. Given this, we
|
||||
<emphasis role="strong">strongly encourage</emphasis> all
|
||||
users to update their system passwords, as you will be
|
||||
unable to login if password hashes are not migrated by the
|
||||
time their support is removed.
|
||||
</para>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
When using
|
||||
<literal>users.users.<name>.hashedPassword</literal>
|
||||
to configure user passwords, run
|
||||
<literal>mkpasswd</literal>, and use the yescrypt hash
|
||||
that is provided as the new value.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
On the other hand, for interactively configured user
|
||||
passwords, simply re-set the passwords for all users
|
||||
with <literal>passwd</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
This release introduces warnings for the use of
|
||||
deprecated hash algorithms for both methods of
|
||||
configuring passwords. To make sure you migrated
|
||||
correctly, run
|
||||
<literal>nixos-rebuild switch</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
GNOME has been upgraded to version 43. Please take a look at
|
||||
|
|
|
@ -6,6 +6,13 @@ This release is supported until the end of June 2023, handing over to NixOS 23.0
|
|||
|
||||
In addition to numerous new and upgraded packages, this release includes the following highlights:
|
||||
|
||||
- Software that uses the `crypt` password hashing API is now using the implementation provided by [`libxcrypt`](https://github.com/besser82/libxcrypt) instead of glibc's, which enables support for more secure algorithms.
|
||||
- Support for algorithms that `libxcrypt` [does not consider strong](https://github.com/besser82/libxcrypt/blob/v4.4.28/lib/hashes.conf#L41) are **deprecated** as of this release, and will be removed in NixOS 23.05.
|
||||
- This includes system login passwords. Given this, we **strongly encourage** all users to update their system passwords, as you will be unable to login if password hashes are not migrated by the time their support is removed.
|
||||
- When using `users.users.<name>.hashedPassword` to configure user passwords, run `mkpasswd`, and use the yescrypt hash that is provided as the new value.
|
||||
- On the other hand, for interactively configured user passwords, simply re-set the passwords for all users with `passwd`.
|
||||
- This release introduces warnings for the use of deprecated hash algorithms for both methods of configuring passwords. To make sure you migrated correctly, run `nixos-rebuild switch`.
|
||||
|
||||
- GNOME has been upgraded to version 43. Please take a look at their [Release Notes](https://release.gnome.org/43/) for details.
|
||||
|
||||
- KDE Plasma has been upgraded from v5.24 to v5.26. Please see the release notes for [v5.25](https://kde.org/announcements/plasma/5/5.25.0/) and [v5.26](https://kde.org/announcements/plasma/5/5.26.0/) for more details on the included changes.
|
||||
|
|
Loading…
Reference in a new issue