> On 22 Jul 2022, at 20:10, Mikhail Koliada <zlog...@gentoo.org> wrote:
> Hello!
> This idea has been fluctuating in my head for quite a while given that the 
> migration had happened
> a while ago [0] and some other major distributions have already adopted 
> yescrypt as their default algo
> by now [1]. For us switching is as easy as changing the default use flag in 
> pambase and rehashing the password
> with the ‘passwd’ call (a news item will be required).
> What do you think?
> P.S. surely, I am only speaking about the local auth method based on shadow 
> and also about the pam-based systems as the change is going
> to mainly impact the pam_unix.so calls in the pam’s stack.
> Pamless or the systems with an alternative auth methods is a different story.
> [0] - 
> https://www.gentoo.org/support/news-items/2021-10-18-libxcrypt-migration-stable.html
> [1] - 
> https://fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow

It's fine with me although I guess I'm a bit reluctant when the libxcrypt stuff 
is still biting
some users.

My preference would be to wait a few more months, but I don't feel strongly 
about it,
and won't object if we want to move forward sooner.

Overall though, it's a good idea, although I'd welcome Jason's input
on alternatives first. CC'd.


Attachment: signature.asc
Description: Message signed with OpenPGP

Reply via email to