[pbs-devel] [PATCH proxmox-backup 10/12] auth: upgrade hashes on user log in

Stefan Sterz s.sterz at proxmox.com
Fri Feb 23 10:26:32 CET 2024


On Mon Feb 19, 2024 at 7:58 PM CET, Max Carrara wrote:
> On 2/15/24 16:19, Stefan Sterz wrote:

-- >8 snip 8< --

> > +                    // if the password hash is not based on the current hashing function (as
> > +                    // identified by its prefix), rehash the password.
> > +                    if !enc_password.starts_with(proxmox_sys::crypt::HASH_PREFIX) {
> > +                        // ignore errors here, we already authenticated the user, re-hashing the
> > +                        // password should not prevent them from logging in.
> > +                        let _ = self.store_password(username, password, client_ip);
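Review bot: the result of `let _ = self.store_password(username, password, client_ip);` is discarded, so a failed re-hash leaves the old-prefix hash in place with nothing recorded, and the next login of that user takes the same branch again. Keep the login successful as the comment intends, but handle the error case and write it to the log together with the username (never the password), so that accounts still on the old hash format can be found.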
>
> IMO this should be logged somewhere instead of just swallowing the
> error silently, possibly even warning the user or admin that re-hashing
> failed (while letting them log on anyways).
>
> The point of this series is to move away from the old stuff, so we
> should ensure that we actually do.
>

makes sense to log this, but warning the users is probably not all that
useful. most users won't be able to do anything about the warning (with
exception of admins who should watch the logs anyway) and it is probably
more confusing than helpful.

-- >8 snip 8< --



