[rt-users] Password Encryption Used By RT
Rich Lafferty
rich+rt at lafferty.ca
Fri Nov 8 13:21:35 EST 2002
On Fri, Nov 08, 2002 at 10:41:39AM -0600, Rick Bradley <rt-users at rickbradley.com> wrote:
> * John Gedeon (jgedeon at qualcomm.com) [021108 10:32]:
> > I am evaluating the RT system and noticed that the passwords stored in the
> > database are encrypted (good job i wasn't expecting that :) ) but I was
> > wondering what algorithm was used. I hope its the same as unix based
> > passwords I am hoping to be able to add the functionality that all users in
> > RT that get greated by them sending in a request will have their unix
> > password (and id which is usually their email address as well) be their rt
> > pass. the easyiest way would ofcourse be cut encrypted pass from passfile
> > and paste into rt user table, but I wanted to make sure the encryption was
> > the same....
>
> The passwords are encrypted with crypt(). This is common for Unix
> passwords, but not necessarily identical with what a particular system
> uses. Many newer systems will use md5 login passwords which look a bit
> different, function similarly, and use a completely different hashing
> algorithm than crypt.
No, crypt() uses more than one algorithm on most systems that support
MD5 passwords, and figures out which to use by the hash. In my
experience, anything that works in your passwd file works in RT.
-Rich
--
Rich Lafferty --------------+-----------------------------------------------
Ottawa, Ontario, Canada | Save the Pacific Northwest Tree Octopus!
http://www.lafferty.ca/ | http://zapatopi.net/treeoctopus.html
rich at lafferty.ca -----------+-----------------------------------------------
More information about the rt-users
mailing list