Modify

Opened 6 years ago

Closed 6 years ago

#3225 closed defect (wontfix)

existing MD5 password not recognized

Reported by: mgood Owned by: anonymous
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

Copying ante's comment from #2282

I'll try to explain this way, I have passwords allready stored in svn_pwd.

ante:$apr1$b3BoO...$PFRLvDJSCFcMDwCguKDBa.
testuser:$apr1$iU5.....$2SRd4MCBKFbFuZlHNWHab/
ante1:YDNMS/QpdAX0g

If I go to Trac account prefrences and try to change password for user ante (MD5) I receive error:
Error Old Password is incorrect.
Password change for user ante1 is OK (crypt).

Attachments (0)

Change History (3)

comment:1 Changed 6 years ago by mgood

The hashes look ok to me, but since I don't know your password I can't verify whether they're really correct. If you're using mod_python it may be this bug that causes corruption when calculating md5s:
http://tjulo.blogspot.com/2007/03/problems-with-md5-and-modpython.html

You can confirm using the Python command line that the password you're using matches the hash:

$ python
>>> from acct_mgr.pwhash import *
>>> htpasswd('your-password', '$apr1$b3BoO...$PFRLvDJSCFcMDwCguKDBa.')
'$apr1$b3BoO...$G/n.RLADDEvBI6Hsmjttp.'

Try using tracd and changing your password. If it works there it's almost certainly that bug I mentioned above and you'll have to switch to FastCGI or proxying from your web server to tracd.

comment:2 Changed 6 years ago by anonymous

  • Owner changed from mgood to anonymous
  • Status changed from new to assigned

I'm using Trac 0.11rc2 with mod_python Password is 'avenns' & hashes do match.

comment:3 Changed 6 years ago by mgood

  • Resolution set to wontfix
  • Status changed from assigned to closed

I've added a note to the AccountManagerPlugin wiki page about this, but that's all I can do since the bug is in an external library that I can't work around.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.