Opened 11 years ago

Last modified 11 years ago

#10689 closed defect

Realm not being used for password hash? — at Initial Version

Reported by: james Owned by: Steffen Hoffmann
Priority: low Component: AccountManagerPlugin
Severity: normal Keywords: needinfo SessionStore
Cc: Ryan J Ollos Trac Release: 0.11

Description

As a test I set the password of my user (james) through the account settings on trac to 'helloworld'. In the database this set the password to :f4a19cee25aae3fe30d7a319fb7c5144

I can reproduce this hash like so: echo -n james::helloworld | md5 f4a19cee25aae3fe30d7a319fb7c5144

However I thought trac would use the realm set in trac.ini to essentially do this: echo -n james:TracDB:helloworld | md5 8c41eb73b4e4d22f173b2a302d52dfdd

I'm obviously missing something, can anyone see what is it? Here are my account manager settings:

[account-manager] account_changes_notify_addresses = hash_method = HtDigestHashMethod db_htdigest_realm = TracDB password_store = SessionStore login_attempt_max_count = 3 user_lock_time = 30 user_lock_time_progression = 1

[components] acct_mgr.guard.accountguard = enabled acct_mgr.admin.accountmanageradminpages = enabled acct_mgr.api.accountmanager = enabled acct_mgr.db.sessionstore = enabled acct_mgr.htfile.htdigeststore = enabled acct_mgr.notification.accountchangelistener = enabled acct_mgr.notification.accountchangenotificationadminpage = enabled acct_mgr.pwhash.htdigesthashmethod = enabled acct_mgr.web_ui.accountmodule = enabled acct_mgr.web_ui.emailverificationmodule = enabled acct_mgr.web_ui.loginmodule = enabled acct_mgr.web_ui.registrationmodule = disabled acct_mgr.web_ui.resetpwstore = disabled trac.web.auth.loginmodule = disabled tracopt.versioncontrol.git.* = enabled

Change History (0)

Note: See TracTickets for help on using tickets.