[MDL-20365] Salted Crypt passwords option for external database authentication - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.9.5, 2.7
Fix Version/s: 2.9
Component/s: Authentication
Labels:
- api_change
- ci
- ui_change

Affected Branches:
MOODLE_19_STABLE, MOODLE_27_STABLE
Fixed Branches:
MOODLE_29_STABLE
Pull from Repository:
https://github.com/MorrisR2/moodle
Pull Master Branch:
~~MDL-20365~~_auth_db_salted_passwords
Pull Master Diff URL:
https://github.com/MorrisR2/moodle/compare/MDL-20365_auth_db_salted_passwords
Difficulty:
Easy
Testing Instructions:
Hide

Set up a database for authentication as per the standard usage of this module.

Ensure the password field allows at least 62 characters.

Set Site Administration > Plugins > Administration > External Database > * Password format to "salted crypt()"

Update the password field for a user with a command such as:
UPDATE user SET passwd=ENCRYPT('12345','$5$hdus85k$');

Try to log in with an incorrect password and ensure it doesn't work.

Log in using the user name and the password set above. (12345 in the example). Ensure it works.
Show
Set up a database for authentication as per the standard usage of this module. Ensure the password field allows at least 62 characters. Set Site Administration > Plugins > Administration > External Database > * Password format to "salted crypt()" Update the password field for a user with a command such as: UPDATE user SET passwd=ENCRYPT('12345','$5$hdus85k$'); Try to log in with an incorrect password and ensure it doesn't work. Log in using the user name and the password set above. (12345 in the example). Ensure it works.

Description

This patch adds an option to use Salted Crypt passwords for the password format with external database authentication. Unix passwords are often encrypted with salt characters. The salt characters become part of the encrypted password. To test a new plain password to see if it's valid, you must encrypt the new password it with the same salt characters as the old password, then compare the result.. Salted Crypt passwords happened to be used in the database of the system I needed to authenticate against. Hence this patch.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

patch.2.x.txt
4 kB
14/Sep/11 12:39 AM
patch.txt
4 kB
28/Sep/09 7:12 PM

Issue Links

has a non-specific relationship to

MDL-43917 Add salted password support for auth/db

Closed

MDL-50871 Implement PBKDF2 authentication to auth_db (will support django)

Closed

has been marked as being related by

MDL-42715 provide bcrypt for external database auth

Closed

is duplicated by

MDL-42715 provide bcrypt for external database auth

Closed

Activity

People

Assignee:: Ray Morris

Reporter:: Scott

Peer reviewer:: David Monllaó

Integrator:: Sam Hemelryk

Tester:: Adrian Greeve

Participants:: Adrian Greeve, CiBoT, Dan Poltawski, David Monllaó, Eloy Lafuente (stronk7), John Okely, Mary Cooch, Michael de Raadt, Petr Skoda, Rajesh Taneja, Ray Morris, Sam Hemelryk, Scott, Tamas Pinter

Component watchers:: David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 3 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 28/Sep/09 7:12 PM

Updated:: 22/Jun/18 12:54 PM

Resolved:: 29/Nov/14 2:48 AM

Fix Release Date:: 11/May/15