summaryrefslogtreecommitdiff
path: root/debian/changelog
diff options
context:
space:
mode:
authorJoey Hess <joey@kodama.kitenet.net>2008-05-29 15:17:19 -0400
committerJoey Hess <joey@kodama.kitenet.net>2008-05-29 15:17:19 -0400
commit4152dca09e6a7d9b0da81cb5ac6f76e8f05d2a23 (patch)
treecc982e849a97ea7d4105dda3e3ae5ce4462b0775 /debian/changelog
parent774a5f86b2fa8dcbc561c50901cf655711e836dc (diff)
documentation for use of hashed passwords
Everything but the actual coding to support them.
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog9
1 files changed, 9 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 1d9f18320..fb448e7dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,15 @@ ikiwiki (2.48) UNRELEASED; urgency=low
explicitly pass 0 (FB_DEFAULT) as the second parameter. Apparently perl
5.8 needs this to avoid crashing on malformed utf-8, despite its docs
saying it is the default.
+ * passwordauth: If Authen::Passphrase is installed, use it to store
+ password hashes, crypted with Eksblowfish.
+ * Existing cleartext passwords in the userdb will be automatically hashed
+ (if Authen::Passphrase is installed) the next time a user logs in.
+ Or `ikiwiki-transition hashpassword /path/to/srcdir` can be used to force
+ a conversion.
+ * Passwords will no longer be mailed, but instead a password reset link
+ mailed.
+ * The password_cost config setting is provided as a "more security" knob.
-- Joey Hess <joeyh@debian.org> Wed, 28 May 2008 03:07:37 -0400