Opened 11 years ago

Last modified 11 years ago

#10689 closed defect

Realm not being used for password hash? — at Version 1

Reported by: james
Owned by: Steffen Hoffmann
Priority: low
Component: AccountManagerPlugin
Severity: normal
Keywords: needinfo SessionStore
Cc: Ryan J Ollos
Trac Release: 0.11

Description (last modified by Steffen Hoffmann)

As a test I set the password of my user (james) through the account settings on Trac to 'helloworld'. In the database this set the password to ':f4a19cee25aae3fe30d7a319fb7c5144'.

I can reproduce this hash like so:

echo -n james::helloworld | md5
f4a19cee25aae3fe30d7a319fb7c5144

However I thought trac would use the realm set in trac.ini to essentially do this:

echo -n james:TracDB:helloworld | md5
8c41eb73b4e4d22f173b2a302d52dfdd

I'm obviously missing something; can anyone see what it is? Here are my account manager settings:

[account-manager]
account_changes_notify_addresses =
hash_method = HtDigestHashMethod
db_htdigest_realm = TracDB
password_store = SessionStore
login_attempt_max_count = 3
user_lock_time = 30
user_lock_time_progression = 1

[components]
acct_mgr.guard.accountguard = enabled
acct_mgr.admin.accountmanageradminpages = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.db.sessionstore = enabled
acct_mgr.htfile.htdigeststore = enabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpage = enabled
acct_mgr.pwhash.htdigesthashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = enabled
acct_mgr.web_ui.loginmodule = enabled
acct_mgr.web_ui.registrationmodule = disabled
acct_mgr.web_ui.resetpwstore = disabled
trac.web.auth.loginmodule = disabled
tracopt.versioncontrol.git.* = enabled

Change History (1)

comment:1 Changed 11 years ago by Steffen Hoffmann

Description: modified (diff)
Keywords: SessionStore added

reformatting for readability
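
The comparison the description does by hand with `md5`, as an added example (not AccountManagerPlugin's own code): it recomputes the htdigest-style MD5 of `user:realm:password` for the realm found in the stored value and for the realm set in trac.ini. It assumes the stored value has the form `<realm>:<digest>`, which the leading colon in the ticket's value suggests; the function names are hypothetical.

```python
import hashlib
import hmac
import string


def htdigest_hash(user, realm, password):
    """htdigest-style hash: hex MD5 over 'user:realm:password'."""
    data = ":".join((user, realm, password)).encode("utf-8")
    return hashlib.md5(data).hexdigest()


def split_stored(stored):
    """Split a stored value, assumed (not confirmed) to be '<realm>:<digest>'."""
    realm, sep, digest = stored.rpartition(":")
    if not sep or len(digest) != 32 or set(digest) - set(string.hexdigits):
        raise ValueError("expected '<realm>:<32 hex digits>'")
    return realm, digest.lower()


def diagnose(stored, user, password, configured_realm):
    """Report which realm a stored hash was actually computed with."""
    stored_realm, digest = split_stored(stored)

    def matches(realm):
        # Constant-time comparison, as is usual when checking password hashes.
        return hmac.compare_digest(htdigest_hash(user, realm, password), digest)

    return {
        "stored_realm": stored_realm,
        "matches_stored_realm": matches(stored_realm),
        "matches_configured_realm": matches(configured_realm),
        "realm_in_effect": stored_realm == configured_realm,
    }


if __name__ == "__main__":
    # Stored value, user, password and realm as quoted in the ticket description.
    report = diagnose(":f4a19cee25aae3fe30d7a319fb7c5144",
                      "james", "helloworld", "TracDB")
    for key, value in report.items():
        print(f"{key}: {value!r}")
```

Because the realm is part of the hashed input, a hash generated under one realm will not verify under another, so `realm_in_effect` being false means the stored hash was not produced with the `db_htdigest_realm` value.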
