Version
4.19.0 of the shadow-utils
project has been released. Notable changes in this release include
disallowing
some usernames that were previously accepted with the
--badname option, and removing
support for escaped newlines in configuration files. Possibly more
interesting is the announcement that the project is deprecating a
number of programs, hashing algorithms, and the ability to
periodically expire passwords:
Scientific research shows that periodic password expiration
leads to predictable password patterns, and that even in a
theoretical scenario where that wouldn't happen the gains in
security are mathematically negligible (paper
link).
Modern security standards, such as NIST SP 800-63B-4 in the USA,
prohibit periodic password expiration. [...]
To align with these, we're deprecating the ability to
periodically expire passwords. The specifics and long-term
roadmap are currently being discussed, and we invite feedback
from users, particularly from those in regulated environments.
See #1432.
The release announcement notes that the features will remain
functional "for a significant period" to minimize
disruption.
https://lwn.net/Articles/1052435/
--- SBBSecho 3.34-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)