[rt-users] RT3 encryption

Scott T. Cameron karn at routehero.com
Wed Nov 26 09:00:51 EST 2003


On Tue, Nov 25, 2003 at 09:49:24PM -0800, Robert Spier wrote:
> > How are the passwords stored in the database?  It looks like an MD5
> > hash without a salt.  We're attempting to migrate from the internal
> 
> MD5 itself doesn't use a salt.
> 
> And RT doesn't add one.
> 
> RT::User_Overlay.pm ...
>     my $md5 = Digest::MD5->new();
>     $md5->add($password);
>     return ($md5->b64digest);

Right.  Do you know if there's a way for apache's 'htaccess' mechanism to read a salt-less MD5 password?  I haven't been able to get this to work yet.

Scott



More information about the rt-users mailing list