Werk #14390: Automatically update deprectated password hashes
| Component | Setup | ||||
| Title | Automatically update deprectated password hashes | ||||
| Date | Nov 2, 2022 | ||||
| Level | Trivial Change | ||||
| Class | New Feature | ||||
| Compatibility | Compatible - no manual interaction needed | ||||
| Checkmk versions & editions |
|
Deprecated hashes of user passwords stored in the htpasswd file will now be automatically updated to a more modern hash format when the respective user logs in. Specifically, password hashes created with the sha256-crypt algorithm will be udpated to bcrypt hashes.
sha256-crypt hashes are still considered secure for password hashing. However, we want to migrate all users' password hashes to the more modern bcrypt algorithm. For users whose passwords are hashed with sha256-crypt we can do so automatically in the background when they authenticate successfully.
Older and less secure password hashes, such as MD5, are not updated automatically.