[rt-users] User password processing
Guillaume Perréal
perreal at lyon.cemagref.fr
Wed Oct 15 09:04:57 EDT 2003
Mike Frazer a écrit :
>Where in the RT3 code is user password processing/checking performed? Or
>better yet, what routine is used to create the hash for checking a password
>against the contents of the user record in the database? I need to prepare
>an automated script to check passwords but I need to be able to figure out
>what routine is used for comparison. I assume from the contents of the user
>table that the password is stored as a one-way hash (MD5 didn't work for me,
>nor did Perl's crypt() function).
>
Look into RT/User_Overlay.pm for sub _GeneratePassword. It generates a
MD5 hash in *base64* encoding.
I hacked it to generate MD5 in *hex* encoding instead, so mod_auth_mysql
could be used to authenticate some users against the database while
others users are authenticated by another module using PAM.
--
Guillaume Perréal.
Responsable informatique,
Cemagref, groupement de Lyon,
France.
Tél: (+33) 4.72.20.87.87.
Fax: (+33) 4.78.47.78.75.
Site: http://www.lyon.cemagref.fr/
More information about the rt-users
mailing list