From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: Samuel FORESTIER <samuel+dev@forestier.app>
Cc: pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pmg-api 0/1] user config: password: allows (gost-)yescrypt, hashes
Date: Fri, 6 Feb 2026 11:53:28 +0100 [thread overview]
Message-ID: <20260206115328.74115c4a@rosa.proxmox.com> (raw)
In-Reply-To: <576e113b-a610-47d6-99fa-c980e8c96e57@forestier.app>
Hi,
Thank you for the patch and your interest in contributing to Proxmox Mail
Gateway!
question/comment inline:
On Fri, 23 Jan 2026 18:13:16 +0000
Samuel FORESTIER <samuel+dev@forestier.app> wrote:
> From 208b1364b8b83324aef594eb66794c231e162cb9 Mon Sep 17 00:00:00 2001
> From: Samuel FORESTIER <samuel+dev@forestier.app>
> Date: Fri, 23 Jan 2026 18:45:43 +0100
> Subject: [PATCH pmg-api 0/1] user config: password: allows
> (gost-)yescrypt hashes
>
> Dear developers,
>
> This patch extends user config 'crypt_pass' field validation pattern to
> support
> yescrypt and gost-yescrypt hash formats (regarding crypt(5) documentation).
> This allows direct synchronization of PAM users to PMG realm, when their
> passwords are hashed using yescrypt.
It is possible to create a user in the PAM realm (just like in our other
products) - then you can simply login with the user - and their password
should be checked by PAM. This has the advantage that you do not duplicate
the password information and it stays consistent.
Currently creating users with realm PAM in the GUI is disabled (afair
simply because we haven't seen reports where people would want to have
many system-users as users in their PMG), but this could potentially be
allowed - if there is a use-case which benefits from this.
see: https://bugzilla.proxmox.com/show_bug.cgi?id=6488 for the request to
hide the realm (expecting it not to be needed)
What is your use-case - how do you create the users on the system, and
would there be any upside for you to keep 2 copies of the password
(compared to having the user@pam directly ask PAM)?
Regarding the patch itself allowing other password-hashes (and maybe
changing the default to yescrypt - as currently recommended by mkpasswd)
might be ok.
Thanks again!
stoiko
>
> BR
>
> Samuel FORESTIER (1):
> user config: password: allows (gost-)yescrypt hashes
>
> src/PMG/UserConfig.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
next prev parent reply other threads:[~2026-02-06 10:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-23 18:13 Samuel FORESTIER
2026-01-23 18:18 ` [pmg-devel] [PATCH pmg-api 1/1] user config: password: allows (gost-)yescrypt hashes Samuel FORESTIER
2026-02-06 10:53 ` Stoiko Ivanov [this message]
2026-02-06 11:02 ` [pmg-devel] [PATCH pmg-api 0/1] user config: password: allows (gost-)yescrypt, hashes Stoiko Ivanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260206115328.74115c4a@rosa.proxmox.com \
--to=s.ivanov@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
--cc=samuel+dev@forestier.app \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.