Write htpasswd "crypt" passwords when possible
|Reported by:||Owned by:||Matt Good|
I moved my existing Trac 0.10 installation to another server and reinstalled all the plugins. The old server crashed so I'm not sure which version of AccountManagerPlugin I had installed. Now I'm using Trac 0.10, r1502 of AccountManagerPlugin and HtPasswdStore for password storage. After the installation I was not able to login anymore.
Investigating a bit more, I tried to change the password with Apache htpasswd. I tried MD5 (-m) and it did not work, I tried SHA (-s) and then it worked. Next, I tried to change my password using the "My Account" form, my SHA password got overwritten with an MD5 one. Logged out, tried to log in back, voila, it didn't work. Okay, I created it again using SHA, and it worked again.
When I set my password using Apache htpasswd -m, it looks like this:
but if I login (of course using a SHA password) and change the password to the same passphrase as above (though they're supposed to be same), it looks like this:
For the record, passphrase is "test". I guess the md5 implementation is somehow incompatible or broken, or it's me doing something extremely stupid.
Can you help, please? -- Enver
Change History (3)
comment:1 Changed 10 years ago by
|Status:||new → assigned|
|Summary:||MD5 password encryption incompatible with Apache htpasswd in 0.10 branch → Write htpasswd "crypt" passwords when possible|