Modify

Opened 6 years ago

Closed 6 years ago

#3225 closed defect (wontfix)

existing MD5 password not recognized

Reported by: mgood Owned by: anonymous
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

Copying ante's comment from #2282

I'll try to explain this way, I have passwords allready stored in svn_pwd.

ante:$apr1$b3BoO...$PFRLvDJSCFcMDwCguKDBa.
testuser:$apr1$iU5.....$2SRd4MCBKFbFuZlHNWHab/
ante1:YDNMS/QpdAX0g

If I go to Trac account prefrences and try to change password for user ante (MD5) I receive error:
Error Old Password is incorrect.
Password change for user ante1 is OK (crypt).

Attachments (0)

Change History (3)

comment:1 Changed 6 years ago by mgood

The hashes look ok to me, but since I don't know your password I can't verify whether they're really correct. If you're using mod_python it may be this bug that causes corruption when calculating md5s:
http://tjulo.blogspot.com/2007/03/problems-with-md5-and-modpython.html

You can confirm using the Python command line that the password you're using matches the hash:

$ python
>>> from acct_mgr.pwhash import *
>>> htpasswd('your-password', '$apr1$b3BoO...$PFRLvDJSCFcMDwCguKDBa.')
'$apr1$b3BoO...$G/n.RLADDEvBI6Hsmjttp.'

Try using tracd and changing your password. If it works there it's almost certainly that bug I mentioned above and you'll have to switch to FastCGI or proxying from your web server to tracd.

comment:2 Changed 6 years ago by anonymous

  • Owner changed from mgood to anonymous
  • Status changed from new to assigned

I'm using Trac 0.11rc2 with mod_python Password is 'avenns' & hashes do match.

comment:3 Changed 6 years ago by mgood

  • Resolution set to wontfix
  • Status changed from assigned to closed

I've added a note to the AccountManagerPlugin wiki page about this, but that's all I can do since the bug is in an external library that I can't work around.

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from anonymous. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.