id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release
10689,Realm not being used for password hash?,james,hasienda,As a test I set the password of my user (james) through the account settings on trac to 'helloworld'. In the database this set the password to ':f4a19cee25aae3fe30d7a319fb7c5144'\r\n\r\nI can reproduce this hash like so:\r\n{{{\r\necho -n james::helloworld | md5\r\nf4a19cee25aae3fe30d7a319fb7c5144\r\n}}}\r\nHowever I thought trac would use the realm set in trac.ini to essentially do this:\r\n{{{\r\necho -n james:TracDB:helloworld | md5\r\n8c41eb73b4e4d22f173b2a302d52dfdd\r\n}}}\r\nI'm obviously missing something_ can anyone see what is it? Here are my account manager settings:\r\n{{{\r\n#!ini\r\n[account-manager]\r\naccount_changes_notify_addresses =\r\nhash_method = HtDigestHashMethod\r\ndb_htdigest_realm = TracDB\r\npassword_store = SessionStore\r\nlogin_attempt_max_count = 3\r\nuser_lock_time = 30\r\nuser_lock_time_progression = 1\r\n\r\n[components]\r\nacct_mgr.guard.accountguard = enabled\r\nacct_mgr.admin.accountmanageradminpages = enabled\r\nacct_mgr.api.accountmanager = enabled\r\nacct_mgr.db.sessionstore = enabled\r\nacct_mgr.htfile.htdigeststore = enabled\r\nacct_mgr.notification.accountchangelistener = enabled\r\nacct_mgr.notification.accountchangenotificationadminpage = enabled\r\nacct_mgr.pwhash.htdigesthashmethod = enabled\r\nacct_mgr.web_ui.accountmodule = enabled\r\nacct_mgr.web_ui.emailverificationmodule = enabled\r\nacct_mgr.web_ui.loginmodule = enabled\r\nacct_mgr.web_ui.registrationmodule = disabled\r\nacct_mgr.web_ui.resetpwstore = disabled\r\ntrac.web.auth.loginmodule = disabled\r\ntracopt.versioncontrol.git.* = enabled\r\n}}}\r\n,defect,closed,low,AccountManagerPlugin,normal,invalid,needinfo SessionStore,rjollos,0.11