diff options
| author | Winter <winter@winter.cafe> | 2022-11-29 20:22:02 -0500 |
|---|---|---|
| committer | Winter <winter@winter.cafe> | 2022-11-29 21:07:36 -0500 |
| commit | b937bf637f14efa210afc83f30736cb3487d3ad9 (patch) | |
| tree | 72c0d4513aa59be9f3f1c17e98b05c9cb71d116b /nixos/doc/manual/release-notes/rl-2211.section.md | |
| parent | e81b0cec91c35a427ed4d0fe2df3c74344a14c72 (diff) | |
nixos/doc/rl-2211: add entry for libxcrypt migration
Diffstat (limited to 'nixos/doc/manual/release-notes/rl-2211.section.md')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2211.section.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 7a5e6ead8760e..3229485e32822 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -6,6 +6,13 @@ This release is supported until the end of June 2023, handing over to NixOS 23.0 In addition to numerous new and upgraded packages, this release includes the following highlights: +- Software that uses the `crypt` password hashing API is now using the implementation provided by [`libxcrypt`](https://github.com/besser82/libxcrypt) instead of glibc's, which enables support for more secure algorithms. + - Support for algorithms that `libxcrypt` [does not consider strong](https://github.com/besser82/libxcrypt/blob/v4.4.28/lib/hashes.conf#L41) are **deprecated** as of this release, and will be removed in NixOS 23.05. + - This includes system login passwords. Given this, we **strongly encourage** all users to update their system passwords, as you will be unable to login if password hashes are not migrated by the time their support is removed. + - When using `users.users.<name>.hashedPassword` to configure user passwords, run `mkpasswd`, and use the yescrypt hash that is provided as the new value. + - On the other hand, for interactively configured user passwords, simply re-set the passwords for all users with `passwd`. + - This release introduces warnings for the use of deprecated hash algorithms for both methods of configuring passwords. To make sure you migrated correctly, run `nixos-rebuild switch`. + - GNOME has been upgraded to version 43. Please take a look at their [Release Notes](https://release.gnome.org/43/) for details. - KDE Plasma has been upgraded from v5.24 to v5.26. Please see the release notes for [v5.25](https://kde.org/announcements/plasma/5/5.25.0/) and [v5.26](https://kde.org/announcements/plasma/5/5.26.0/) for more details on the included changes. |