[rt-users] User password processing

Guillaume Perréal perreal at lyon.cemagref.fr
Wed Oct 15 09:04:57 EDT 2003


Mike Frazer a écrit :

>Where in the RT3 code is user password processing/checking performed?  Or
>better yet, what routine is used to create the hash for checking a password
>against the contents of the user record in the database?  I need to prepare
>an automated script to check passwords but I need to be able to figure out
>what routine is used for comparison.  I assume from the contents of the user
>table that the password is stored as a one-way hash (MD5 didn't work for me,
>nor did Perl's crypt() function).
>
Look into RT/User_Overlay.pm for sub _GeneratePassword. It generates a 
MD5 hash in *base64* encoding.

I hacked it to generate MD5 in *hex* encoding instead, so mod_auth_mysql 
could be used to authenticate some users against the database while 
others users are authenticated by another module using PAM.

-- 
Guillaume Perréal.

Responsable informatique,
Cemagref, groupement de Lyon,
France.

Tél: (+33) 4.72.20.87.87.
Fax: (+33) 4.78.47.78.75.
Site: http://www.lyon.cemagref.fr/





More information about the rt-users mailing list