Bug 23440 - Changelog 2016 says do not rely on tcb so I unconverted from tcb but pam upgrade requires it again !?
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Base system maintainers
Reported: 2018-08-13 23:52 CEST by Dick Gevers
Modified: 2018-08-16 13:05 CEST
Source RPM: pam-1.3.0-7.mga7, tcb-1.1-8.mga7

Description Dick Gevers 2018-08-13 23:52:23 CEST
Description of problem:

For years I had a tcb converted system based on suggestions of V.Danen until
Mageia's pam stopped this:

From pam changelog I quote:
* Sun Jul 31 2016 philippem <philippem> 1.3.0-3.mga6
+ Revision: 1044163
- add post to be sure to remove tcb and use sha512
...
* Thu Jul 28 2016 philippem <philippem> 1.3.0-2.mga6
+ Revision: 1043840
....
- don't rely on tcb, use sha512 mga#18930, mga#17504
+ tv <tv>
....
- kill commented out tcb obsoleting unix (dead since 2008)
unquote

So after the quoted changes I unconverted my systems from tcb and removed the *tcb* packages.

But yesterday the upgrade to pam-1.3.0-7 required the *tcb* packages again so they were pulled in by urpmi ("...--skip..." did not work).

But after this upgrade I could simply remove the *tcb* packages again with urpme.

The *tcb* packages are: tcb, pam_tcb, nss_tcb and lib64tcb0

I am not a dev, so shoot me if I am wrong, but the requirements for *tcb* seem superfluous if I can remove them immediately after upgrade. Please remove the need for *tcb* if you agree. Thanks.

Comment 1 Marja Van Waes 2018-08-16 13:05:55 CEST
From bug #16467, comment #21 and bug #16467, comment #22 I understand that we switched to sha512 because it is easier to maintain... it seems we were the only ones to use blowfish by default.

However, we _only_ switched for newly created users and new passwords, we never forced all Mageia-users to redo their blowfish passwords.

The reason that you can remove tcb is that it is only required to install pam, but not to use pam. http://svnweb.mageia.org/packages/cauldron/pam/current/SPECS/pam.spec?revision=1251145&view=markup#l72

Is it possible, and _safe_, to remove it if there are some lines starting with "$2a$" in /etc/shadow?

Assignee: bugsquad => basesystem
CC: (none) => marja11, pterjan
Source RPM: pam-1.3.0-7.mga7 => pam-1.3.0-7.mga7, tcb-1.1-8.mga7
Summary: Changelog 2016 says do not rely on tcb so I unconverted from tcb but upgrade requires it again !? => Changelog 2016 says do not rely on tcb so I unconverted from tcb but pam upgrade requires it again !?
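
An added example, not part of the bug report or of Mageia's packaging: a shell check that lists which accounts in a shadow-format file still carry the "$2a$" hashes that Comment 1 asks about. The sample entries are constructed and the function names shadow_schemes and blowfish_users are hypothetical; the check shows where such hashes exist and does not by itself settle whether removing tcb is safe.

```shell
#!/bin/sh
# Added example: classify the password hash scheme of each shadow entry.

# Print "user<TAB>scheme" for every entry in the shadow-format file $1.
# A leading "!" (locked password) is stripped first so that the hash
# behind it is still classified, and reported as "locked-<scheme>".
shadow_schemes() {
    awk -F: '
        /^[[:space:]]*(#|$)/ { next }                 # skip comments and blanks
        {
            h = $2; lock = ""
            if (sub(/^!+/, "", h)) lock = "locked-"
            if (h == "" && lock == "")        s = "empty"
            else if (h == "" || h == "*")     s = "nologin"
            else if (h ~ /^\$2[abxy]?\$/)     s = "blowfish"  # $2a$ and variants
            else if (h ~ /^\$6\$/)            s = "sha512"
            else if (h ~ /^\$5\$/)            s = "sha256"
            else if (h ~ /^\$1\$/)            s = "md5"
            else                              s = "other"
            print $1 "\t" lock s
        }' "$1"
}

# Print only the accounts whose stored hash is a "$2a$"-style one.
blowfish_users() {
    shadow_schemes "$1" | awk -F'\t' '$2 ~ /blowfish$/ { print $1 }'
}

# Constructed sample in /etc/shadow format (not real hashes).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:$6$constructedsalt$constructedhash:17756:0:99999:7:::
alice:$2a$08$constructedconstructedconstructed:17000:0:99999:7:::
bob:!$2a$08$constructedlockedentry:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
carol:$6$anothersalt$anotherhash:17760:0:99999:7:::
EOF

# Use the file given as first argument, or the constructed sample.
target=${1:-$sample}
shadow_schemes "$target"
echo "Accounts still on \$2a\$-style hashes:"
blowfish_users "$target"
```

Reading the real /etc/shadow requires root; pass it as the first argument to check a live system.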
