Re: You are required to change your password immediately (administrator enforced).
On 18/08/2021 21:16, Harald Dunkel wrote:
> ...sid becomes the next release in 2 years

Sid is always sid. Testing (now Bookworm) will become stable in ~2 years.

--
John
Re: You are required to change your password immediately (administrator enforced).
On 2021-08-18 14:16 +0200, Harald Dunkel wrote:

> On 8/17/21 21:55, Sven Joachim wrote:
>> On 2021-08-17 19:59 +0200, Harald Dunkel wrote:
>>
>>> How can I make sure I don't have to change passwords on 400+ hosts?
>> Do not run sid on 400+ hosts. Do not run testing either, especially in
>> the first months after a release.
>>
>
> Of course not. But sid becomes the next release in 2 years, and then it
> might be too late to get rid of this lie.

Feel free to file a bug against the libcrypt1 package and/or the release notes. The change itself looks quite reasonable to me though, as md5crypt hashes are really insecure these days.

The following command could be used to check for old md5crypt password hashes, see crypt(5):

    sudo cat /etc/shadow | grep -F ':$1$'

Cheers,
Sven
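Added example, not part of Sven's message or the thread: the grep above only matches a field that begins with `$1$`, so a locked account stored as `!$1$...` is not listed. The script below classifies each hash by its crypt(5) prefix and also reports locked md5crypt accounts; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Classify password hashes in a shadow(5)-format file by crypt(5) prefix
# and list accounts that still carry an md5crypt ($1$) hash.

# classify_shadow FILE -> "user<TAB>scheme" for every account that has a hash
classify_shadow() {
    awk -F: '
    {
        h = $2
        sub(/^!+/, "", h)               # locked account: the hash follows the "!"
        if (h == "" || h == "*") next   # no password hash stored
        if      (h ~ /^\$1\$/)       s = "md5crypt"
        else if (h ~ /^\$2[abxy]\$/) s = "bcrypt"
        else if (h ~ /^\$5\$/)       s = "sha256crypt"
        else if (h ~ /^\$6\$/)       s = "sha512crypt"
        else if (h ~ /^\$y\$/)       s = "yescrypt"
        else                         s = "other"
        printf "%s\t%s\n", $1, s
    }' "$1"
}

# md5crypt_users FILE -> one account name per line, locked accounts included
md5crypt_users() {
    classify_shadow "$1" | awk -F'\t' '$2 == "md5crypt" { print $1 }'
}

# make_sample FILE -> writes a constructed shadow file (placeholder hash bodies)
make_sample() {
    cat > "$1" <<'EOF'
root:$y$j9T$SALTPLACEHOLDER$HASHPLACEHOLDER:18800:0:99999:7:::
legacy:$1$SALT$HASHPLACEHOLDER:14000:0:99999:7:::
svc:!$1$SALT$HASHPLACEHOLDER:14000:0:99999:7:::
www-data:*:18800:0:99999:7:::
deploy:$6$SALT$HASHPLACEHOLDER:18800:0:99999:7:::
sshd:!:18800::::::
EOF
}

# Stand-alone use: sh this-script /etc/shadow   (needs read access to the file)
if [ "$#" -gt 0 ]; then
    md5crypt_users "$1"
fi
```

On the constructed sample this lists `legacy` and `svc`, while the plain grep would list only `legacy`.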
Re: You are required to change your password immediately (administrator enforced).
On 8/17/21 21:55, Sven Joachim wrote:
> On 2021-08-17 19:59 +0200, Harald Dunkel wrote:
>> How can I make sure I don't have to change passwords on 400+ hosts?
> Do not run sid on 400+ hosts. Do not run testing either, especially in
> the first months after a release.

Of course not. But sid becomes the next release in 2 years, and then it might be too late to get rid of this lie.

Regards
Harri
Re: You are required to change your password immediately (administrator enforced).
On 2021-08-17 21:55 +0200, Sven Joachim wrote:

> On 2021-08-17 19:59 +0200, Harald Dunkel wrote:
>
>> After the most recent update of a host running sid there was a
>> password change dialog:
>>
>> You are required to change your password immediately (administrator enforced).
>> You are required to change your password immediately (administrator enforced).
>
> Same here. The only package that could be related to this surprise
> which I upgraded seems to be libcrypt1. Huh?

Indeed libcrypt1 seems to be the culprit. After changing my password and downgrading libcrypt1 (as well as libcrypt-dev) to the bullseye version I could restore my /etc/shadow from a backup without being nagged again.

It also seems that the problem only occurs if you have not changed your password for quite a few years and it still has an md5 hash in /etc/shadow. For details see https://github.com/besser82/libxcrypt/issues/129.

Cheers,
Sven
Re: You are required to change your password immediately (administrator enforced).
On 2021-08-17 19:59 +0200, Harald Dunkel wrote:

> After the most recent update of a host running sid there was a
> password change dialog:
>
> You are required to change your password immediately (administrator enforced).
> You are required to change your password immediately (administrator enforced).

Same here. The only package that could be related to this surprise which I upgraded seems to be libcrypt1. Huh?

> That would be me, but I cannot remember having set such a policy, so
> WTH? Not to mention that this broke non-interactive ssh sessions as
> well.
>
> How can I make sure I don't have to change passwords on 400+ hosts?

Do not run sid on 400+ hosts. Do not run testing either, especially in the first months after a release.

Cheers,
Sven
You are required to change your password immediately (administrator enforced).
After the most recent update of a host running sid there was a password change dialog:

    You are required to change your password immediately (administrator enforced).
    You are required to change your password immediately (administrator enforced).

That would be me, but I cannot remember having set such a policy, so WTH? Not to mention that this broke non-interactive ssh sessions as well.

How can I make sure I don't have to change passwords on 400+ hosts?

Regards
Harri