Support for crypt passwords
|Reported by:||sto||Owned by:||brad|
As I needed the functionality I've added support for crypt passwords; I
know that crypt is not the best option, but at least I can move
passwords between different authentication systems without users noticing
it, that is, I can use them on the htpasswd file, on an LDAP server
or on the /etc/shadow files of a UNIX machine.
My patch adds the password_hash keyword to the dbauth section and
checks if the value is crypt when generating new passwords (if it is
not, it uses the previous SHA-1 hash). When checking passwords the patch
tries the three authentication methods (cleartext, SHA-1 and
crypt), basically to keep the system backwards compatible.
On a quick review I've seen that on the new version only one hash method
is used when verifying passwords and that the keyword used to choose the
hash method is algorithm, but the code to support crypt is easy to
add, if you are interested I can send you a patch for the simple version