[Rt-devel] Password storage format in RT3.6
jesse at bestpractical.com
Mon Sep 4 14:57:33 EDT 2006
On Tue, Aug 08, 2006 at 06:46:52PM +0200, Arne Georg Gleditsch wrote:
> Jesse Vincent wrote:
> >A patch would be much appreciated.
> Appended. Put together rather quickly, but I believe it to be sound.
> Obviously should be reviewed carefully anyway.
> >Depends who you ask. A number of sites are using RT as an authentication
> >source for other services and rely on the fact that password storage is
> >or becomes MD5.
> Hm, and they rely on this non-salted md5-format to be used? I that case
> they'll be out of luck if we update the code to use salted md5 as well,
> since the format is different.
Having asked around, I'm told that changing this would break PAM
compatibility, which scares me more than a little.
More information about the Rt-devel