Werk #14390: Automatically update deprectated password hashes

Komponente Setup
Titel Automatically update deprectated password hashes
Datum 02.11.2022
Checkmk Edition Checkmk Raw (CRE)
Checkmk-Version 2.1.0p16 2.2.0b1
Level Kleine Änderung
Klasse Neues Feature
Kompatibilität Kompatibel - benötigt kein manuelles Eingreifen

Deprecated hashes of user passwords stored in the htpasswd file will now be automatically updated to a more modern hash format when the respective user logs in. Specifically, password hashes created with the sha256-crypt algorithm will be udpated to bcrypt hashes.

sha256-crypt hashes are still considered secure for password hashing. However, we want to migrate all users' password hashes to the more modern bcrypt algorithm. For users whose passwords are hashed with sha256-crypt we can do so automatically in the background when they authenticate successfully.

Older and less secure password hashes, such as MD5, are not updated automatically.

Zur Liste aller Werks