Defect #8514

Custom Password storing break pam_mysql

Added by Daniel Varga over 10 years ago. Updated 11 months ago.

Status:ClosedStart date:2011-06-03
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Third-party libraries
Target version:-
Resolution:Wont fix Affected version:1.2.0

Description

With this version authentication against redmine's user db is not possible.

The hashed password is stored in the following form: SHA1(salt + SHA1(password))

This is from users.rb comment

The pam_mysql's algorithm doesn't support salt and doesn't use the algorithm above to retrieve passwords.

Detailed forum post:
http://www.redmine.org/boards/2/topics/24383


Related issues

Related to Redmine - Feature #7410: Add salt to user passwords Closed 2011-01-22

History

#1 Updated by Daniel Varga over 10 years ago

This bug is typical to 1.2.0 not 1.1.3... sorry

#2 Updated by Go MAEDA 11 months ago

#3 Updated by Go MAEDA 11 months ago

  • Category changed from Database to Third-party libraries
  • Status changed from New to Closed
  • Resolution set to Wont fix
  • Affected version changed from 1.1.3 to 1.2.0

There is no way to decrypt salted password data. So, the only way to satisfy this request is for Pam_mysql to support Redmine.

Please consider using Redmine.pm

Also available in: Atom PDF