[rt-devel] password check
Darrin Walton
darrinw at nixc.net
Wed Feb 27 16:40:02 EST 2002
|+ Assuming RT uses des-crypt for its passwords, then its not a problem. DES-
|+ Crypt only deals with the first eight bytes of a given password string, the
|+ rest is thrown away. By the way, I think its lame that RT uses des-crypt
|+ passwords, it should use md5 or sha1. ;)
Supply a patch for RT that does md5 and/or sha1, and gives the user an
option within the config.pm to pick which crypt method to use.
Also, supply a program that would convert existing des-crypt to an
md5/sha1 password in the database :)
-darrin
More information about the Rt-devel
mailing list