[Rt-devel] Password storage format in RT3.6
Jesse Vincent
jesse at bestpractical.com
Mon Sep 4 14:57:33 EDT 2006
On Tue, Aug 08, 2006 at 06:46:52PM +0200, Arne Georg Gleditsch wrote:
> Jesse Vincent wrote:
> >A patch would be much appreciated.
>
> Appended. Put together rather quickly, but I believe it to be sound.
> Obviously should be reviewed carefully anyway.
>
> >Depends who you ask. A number of sites are using RT as an authentication
> >source for other services and rely on the fact that password storage is
> >or becomes MD5.
>
> Hm, and they rely on this non-salted md5-format to be used? I that case
> they'll be out of luck if we update the code to use salted md5 as well,
> since the format is different.
Having asked around, I'm told that changing this would break PAM
compatibility, which scares me more than a little.
-j
More information about the Rt-devel
mailing list