User password processing

Where in the RT3 code is user password processing/checking performed? Or
better yet, what routine is used to create the hash for checking a password
against the contents of the user record in the database? I need to prepare
an automated script to check passwords but I need to be able to figure out
what routine is used for comparison. I assume from the contents of the user
table that the password is stored as a one-way hash (MD5 didn’t work for me,
nor did Perl’s crypt() function).

Thanks.

Mike Frazer

Mike Frazer a écrit :

Where in the RT3 code is user password processing/checking performed? Or
better yet, what routine is used to create the hash for checking a password
against the contents of the user record in the database? I need to prepare
an automated script to check passwords but I need to be able to figure out
what routine is used for comparison. I assume from the contents of the user
table that the password is stored as a one-way hash (MD5 didn’t work for me,
nor did Perl’s crypt() function).

Look into RT/User_Overlay.pm for sub _GeneratePassword. It generates a
MD5 hash in base64 encoding.

I hacked it to generate MD5 in hex encoding instead, so mod_auth_mysql
could be used to authenticate some users against the database while
others users are authenticated by another module using PAM.

Guillaume Perréal.

Responsable informatique,
Cemagref, groupement de Lyon,
France.

Tél: (+33) 4.72.20.87.87.
Fax: (+33) 4.78.47.78.75.
Site: http://www.lyon.cemagref.fr/