[pbs-devel] [PATCH proxmox-backup 11/12] auth/manager: add manager command to upgrade hashes

Stefan Sterz s.sterz at proxmox.com
Fri Feb 23 10:26:36 CET 2024


On Mon Feb 19, 2024 at 8:06 PM CET, Max Carrara wrote:
> On 2/15/24 16:20, Stefan Sterz wrote:

-- >8 snip 8< --

> > ---
> > note that once an admin has upgraded a hash, downgrading
> > proxmox-backup-server will break logging in for all users with upgraded
> > passwords. an admin would then need to manually reset the password via
> > `proxmox-backup-manager user update <user> --password <pw>`.
>
> I think this is why we should implement dealing with all hashes we desire
> before the next major release, so that this doesn't happen. I can see this
> potentially cause quite a stir for some users.
>
> If we're able to differ between hash types (I think you mentioned we can)
> then we should represent the variants we may use *now* and prefer using
> the upgraded hash with the next major release. Or in other words, IMO we
> should remain forward compatible, at least (and at most) for one major
> version bump.
>

as i'd retract this patch too (see my response to patch 07), i think
this is a non-issue for now.

but yeah, dealing with this in a cleaner manner might make sense. the
problem here is that we'd need the newer version of the verify function
in the version that you want to downgrade to (note that we do not
support downgrades). you'd get that with the patch to `proxmox-sys` and
a bumped dependency in pbs automatically though, so this is kind of
seperate to this patch.

-- >8 snip 8< ---




More information about the pbs-devel mailing list