Opened 11 years ago
Last modified 11 years ago
#10689 closed defect
Realm not being used for password hash? — at Initial Version
Reported by: | james | Owned by: | Steffen Hoffmann |
---|---|---|---|
Priority: | low | Component: | AccountManagerPlugin |
Severity: | normal | Keywords: | needinfo SessionStore |
Cc: | Ryan J Ollos | Trac Release: | 0.11 |
Description
As a test I set the password of my user (james) through the account settings on trac to 'helloworld'. In the database this set the password to :f4a19cee25aae3fe30d7a319fb7c5144
I can reproduce this hash like so: echo -n james::helloworld | md5 f4a19cee25aae3fe30d7a319fb7c5144
However I thought trac would use the realm set in trac.ini to essentially do this: echo -n james:TracDB:helloworld | md5 8c41eb73b4e4d22f173b2a302d52dfdd
I'm obviously missing something, can anyone see what is it? Here are my account manager settings:
[account-manager] account_changes_notify_addresses = hash_method = HtDigestHashMethod db_htdigest_realm = TracDB password_store = SessionStore login_attempt_max_count = 3 user_lock_time = 30 user_lock_time_progression = 1
[components] acct_mgr.guard.accountguard = enabled acct_mgr.admin.accountmanageradminpages = enabled acct_mgr.api.accountmanager = enabled acct_mgr.db.sessionstore = enabled acct_mgr.htfile.htdigeststore = enabled acct_mgr.notification.accountchangelistener = enabled acct_mgr.notification.accountchangenotificationadminpage = enabled acct_mgr.pwhash.htdigesthashmethod = enabled acct_mgr.web_ui.accountmodule = enabled acct_mgr.web_ui.emailverificationmodule = enabled acct_mgr.web_ui.loginmodule = enabled acct_mgr.web_ui.registrationmodule = disabled acct_mgr.web_ui.resetpwstore = disabled trac.web.auth.loginmodule = disabled tracopt.versioncontrol.git.* = enabled