Re: You are required to change your password immediately (administrator enforced).

[Sven Joachim <svenjoac@gmx.de>]

On 2021-08-18 14:16 +0200, Harald Dunkel wrote:

> On 8/17/21 21:55, Sven Joachim wrote:
>> On 2021-08-17 19:59 +0200, Harald Dunkel wrote:
>>
>>>
>>> How can I make sure I don't have to change passwords on 400+ hosts?
>> Do not run sid on 400+ hosts.  Do not run testing either, especially
>> in
>> the first months after a release.
>>
>
> Of course not. But sid becomes the next release in 2 years, and then it
> might be to late to get rid of this lie.

Feel free to file a bug against the libcrypt1 package and/or the release
notes.  The change itself looks quite reasonable to me though, as
md5crypt hashes are really insecure these days.

The following command could be used to check for old md5crypt password
hashes, see crypt(5):

sudo cat /etc/shadow | grep -F ':$1$'

Cheers,
       Sven