Defect #8514

Custom Password storing break pam_mysql

Added by Daniel Varga about 11 years ago. Updated over 1 year ago.

Status:ClosedStart date:2011-06-03
Priority:NormalDue date:
Assignee:-% Done:


Category:Third-party libraries
Target version:-
Resolution:Wont fix Affected version:1.2.0


With this version authentication against redmine's user db is not possible.

The hashed password is stored in the following form: SHA1(salt + SHA1(password))

This is from users.rb comment

The pam_mysql's algorithm doesn't support salt and doesn't use the algorithm above to retrieve passwords.

Detailed forum post:

Related issues

Related to Redmine - Feature #7410: Add salt to user passwords Closed 2011-01-22


#1 Updated by Daniel Varga about 11 years ago

This bug is typical to 1.2.0 not 1.1.3... sorry

#2 Updated by Go MAEDA over 1 year ago

#3 Updated by Go MAEDA over 1 year ago

  • Category changed from Database to Third-party libraries
  • Status changed from New to Closed
  • Resolution set to Wont fix
  • Affected version changed from 1.1.3 to 1.2.0

There is no way to decrypt salted password data. So, the only way to satisfy this request is for Pam_mysql to support Redmine.

Please consider using

Also available in: Atom PDF