diff options
author | Sandro <sandro.jaeckel@gmail.com> | 2024-06-02 23:10:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-02 23:10:26 +0200 |
commit | 6f02edec1a24d025b3249803cee6b0ae51c24d5b (patch) | |
tree | f8498d8fba9cd4eaf7164afe62a723fa8ed740e5 /nixos/doc/manual | |
parent | fa7656236f424e29caaa18d0be5d6198df4ca1cd (diff) | |
parent | d11d18df304bb7c51aba7e889621c7685daca4e8 (diff) |
Merge pull request #316358 from majewsky/portunus-remove-libxcrypt-legacy
Diffstat (limited to 'nixos/doc/manual')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2411.section.md | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index 1e0af734ed40b..28264b0b3429d 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -30,6 +30,15 @@ for `stateVersion` ≥ 24.11. (It was previously using SQLite for structured data and the filesystem for blobs). +- The `portunus` package and service do not support weak password hashes anymore. + If you installed Portunus on NixOS 23.11 or earlier, upgrade to NixOS 24.05 first to get support for strong password hashing. + Then, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all existing user accounts to strong password hashes. + If you need to upgrade to 24.11 without having completed the migration, consider the security implications of weak password hashes on your user accounts, and add the following to your configuration: + ```nix + services.portunus.package = pkgs.portunus.override { libxcrypt = pkgs.libxcrypt-legacy; }; + services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; }; + ``` + ## Other Notable Changes {#sec-release-24.11-notable-changes} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> |