[rt-devel] password check

Jesse Vincent jesse at bestpractical.com
Wed Feb 27 16:59:35 EST 2002


I could be easily convinced to move to storing md5 passwords as the default going
forward. iirc, the reason that I picked des-crypt passwords was to ease transition
from other systems *coughbugzillacough* which already used crypted passwords. 

The only requirement would be that the new system be able to verify against
existing crypted passwords and, perhaps, replace them with md5ed passwords on
first login.

	-j


On Wed, Feb 27, 2002 at 04:40:02PM -0500, Darrin Walton wrote:
>   |+ Assuming RT uses des-crypt for its passwords, then its not a problem.  DES-
>   |+ Crypt only deals with the first eight bytes of a given password string, the 
>   |+ rest is thrown away.  By the way, I think its lame that RT uses des-crypt 
>   |+ passwords, it should use md5 or sha1. ;) 
> 
> Supply a patch for RT that does md5 and/or sha1, and gives the user an
> option within the config.pm to pick which crypt method to use.
> 
> Also, supply a program that would convert existing des-crypt to an
> md5/sha1 password in the database :)
> 
> -darrin
> 
> 
> _______________________________________________
> rt-devel mailing list
> rt-devel at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-devel
> 

-- 
http://www.bestpractical.com/products/rt  -- Trouble Ticketing. Free.




More information about the Rt-devel mailing list