Werk #14390: Automatically update deprectated password hashes

Component Setup
Title Automatically update deprectated password hashes
Date Nov 2, 2022
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.1.0p16 2.2.0b1
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed

Deprecated hashes of user passwords stored in the htpasswd file will now be automatically updated to a more modern hash format when the respective user logs in. Specifically, password hashes created with the sha256-crypt algorithm will be udpated to bcrypt hashes.

sha256-crypt hashes are still considered secure for password hashing. However, we want to migrate all users' password hashes to the more modern bcrypt algorithm. For users whose passwords are hashed with sha256-crypt we can do so automatically in the background when they authenticate successfully.

Older and less secure password hashes, such as MD5, are not updated automatically.

To the list of all Werks