Project

General

Profile

Actions

Defect #8514

closed

Custom Password storing break pam_mysql

Added by Daniel Varga over 13 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Third-party libraries
Target version:
-
Start date:
2011-06-03
Due date:
% Done:

0%

Estimated time:
Resolution:
Wont fix
Affected version:

Description

With this version authentication against redmine's user db is not possible.

The hashed password is stored in the following form: SHA1(salt + SHA1(password))

This is from users.rb comment

The pam_mysql's algorithm doesn't support salt and doesn't use the algorithm above to retrieve passwords.

Detailed forum post:
http://www.redmine.org/boards/2/topics/24383


Related issues

Related to Redmine - Feature #7410: Add salt to user passwordsClosed2011-01-22

Actions
Actions #1

Updated by Daniel Varga over 13 years ago

This bug is typical to 1.2.0 not 1.1.3... sorry

Actions #2

Updated by Go MAEDA about 4 years ago

Actions #3

Updated by Go MAEDA about 4 years ago

  • Category changed from Database to Third-party libraries
  • Status changed from New to Closed
  • Resolution set to Wont fix
  • Affected version changed from 1.1.3 to 1.2.0

There is no way to decrypt salted password data. So, the only way to satisfy this request is for Pam_mysql to support Redmine.

Please consider using Redmine.pm

Actions

Also available in: Atom PDF