On Thu, Jul 12, 2012 at 7:21 AM, C Anthony Risinger <anth...@xtfx.me> wrote: > However PAM, also by design, works in stacks, and thus offers a reasonable > solution -- update the `auth` and `password` PAM keys to the new algo (so > new passwords are read/written properly) then duplicate the `auth` key, > restore the original algo, and change `required` -> `sufficient`). This > would accept the old (higher in stack, sufficient) hash until that line was > removed.
Are you sure the `auth` part is necessary? As far as I know, pam_unix accepts /all/ hash formats supported by system; the configured hash is only necessary for creating new hashes in `password`. -- Mantas Mikulėnas
