#6028: add compatibility with glibc2 MD5-based crypt passwords
-----------------------+----------------------------------------------------
Reporter: akaihola | Owner: nobody
Status: new | Component: Contrib apps
Version: SVN | Keywords: auth password crypt mp5
Stage: Unreviewed | Has_patch: 0
-----------------------+----------------------------------------------------
In [5073] support for Unix DES crypt passwords was added (see #3316 for
discussion).
Many systems use MD5-based crypt shadow passwords (see e.g. {{{man 3
crypt}}} or its [http://linux.die.net/man/3/crypt on-line version], under
heading "GNU Extension"). This extension to the crypt library prefixes the
encrypted password with "{{{$1$<8-character-salt>$}}}" instead of the
2-character salt.
Django uses dollar signs ({{{$}}}) to delimit the algorithm, salt and
encrypted password in the {{{contrib.auth.models.User.password}}} string.
The choice of delimiter collides with glibc2 crypt. Apart from that MD5
crypt passwords should just work with the current code.
I bumped into this in a project where I need to move a number of Linux
user accounts along with their passwords to Django.
The first solution which comes to mind is to add another algorithm name,
e.g. "md5-crypt", and add its own splitting parser to replace
[http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py#L54
the current one].
--
Ticket URL: <http://code.djangoproject.com/ticket/6028>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
