id summary reporter owner description type status priority component severity resolution keywords cc release 1283 Support for crypt passwords Sergio Talens-Oliag Brad Anderson "It would be nice to support more than one `password_hash` on this plugin, as the default one used on the [source:dbauthplugin/0.10 0.10] version of the plugin can't be used to validate users with ''apache 2.2'' and ''mod_authn_dbd''. As I needed the functionality I've added support for `crypt` passwords; I know that `crypt` is not the best option, but at least I can move passwords between different authentication systems without users noticing it, that is, I can use them on the `htpasswd` file, on an `LDAP` server or on the `/etc/shadow` files of a UNIX machine. My patch adds the `password_hash` keyword to the `dbauth` section and checks if the value is `crypt` when generating new passwords (if it is not, it uses the previous `SHA-1` hash). When checking passwords the patch tries the three authentication methods (''cleartext'', ''SHA-1'' and ''crypt''), basically to keep the system backwards compatible. I've looked at the [source:dbauthplugin/simple simple branch], but as I'm using the 0.10 version and have not tested the `simple` version I have not patched that code, but it should be easy to do. On a quick review I've seen that on the new version only one hash method is used when verifying passwords and that the keyword used to choose the hash method is `algorithm`, but the code to support `crypt` is easy to add, if you are interested I can send you a patch for the simple version also. " enhancement closed normal DbAuthPlugin normal wontfix 0.10