[Rt-devel] Password storage format in RT3.6

Jesse Vincent jesse at bestpractical.com
Mon Sep 4 14:57:33 EDT 2006




On Tue, Aug 08, 2006 at 06:46:52PM +0200, Arne Georg Gleditsch wrote:
> Jesse Vincent wrote:
> >A patch would be much appreciated.
> 
> Appended.  Put together rather quickly, but I believe it to be sound. 
> Obviously should be reviewed carefully anyway.
> 
> >Depends who you ask. A number of sites are using RT as an authentication 
> >source for other services and rely on the fact that password storage is 
> >or becomes MD5.
> 
> Hm, and they rely on this non-salted md5-format to be used?  I that case 
> they'll be out of luck if we update the code to use salted md5 as well, 
> since the format is different.

Having asked around, I'm told that changing this would break PAM
compatibility, which scares me more than a little.

-j



More information about the Rt-devel mailing list