Modify

Opened 6 years ago

Closed 6 years ago

#3132 closed defect (fixed)

Login does not work - wrong hash?

Reported by: makro Owned by: mgood
Priority: high Component: AccountManagerPlugin
Severity: critical Keywords: digest hash auth
Cc: Trac Release: 0.11

Description

Using the Account Manager Plugin, an entry in the htpasswd file is created - but login is not possible (wrong pw). Note that login works if the user is created using htdigest. Note also, that the password hashs are different, using both methods with identical data for user / password.

String , created by AccountManager, for user/pass test/test:
test:migration:0000000091706f12da9a78d6dd3ac202

Environment: Trac012dev, Apache 2.2.3, mod_wsgi, using authz plugin. Auth method 'digest'

For more information, see also mailing list entry: [Trac] AccountManager Plugin w digest, wrong method?

http://groups.google.com/group/trac-users/browse_thread/thread/597adcab3acb4ec4

Attachments (0)

Change History (3)

comment:1 Changed 6 years ago by makro

I forgot to tell: The server is running on ssl (https connection)

comment:2 Changed 6 years ago by makro

Note from cmlenz@irc: (might be the reason for the defect)
http://tjulo.blogspot.com/2007/03/problems-with-md5-and-modpython.html

comment:3 Changed 6 years ago by makro

  • Priority changed from normal to high
  • Resolution set to fixed
  • Severity changed from normal to critical
  • Status changed from new to closed

The problem can be fixed by using sha instead of md5 algorithm. See:
http://trac.edgewall.org/ticket/2570

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from mgood. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.