On Tue, 31 May 2005, Gall Anonim wrote: > I have such problem, that i need to authenticate my users from mysql > database, some of them have password stored in plaintext. Others have > crypted. Now I need to autenticate them all, and i cant separate with > usernames. I need to migrate service and it have to be done > transparently.
Try a plaintext match and if that fails try a crypt match? Horribly insecure (it makes crypted passwords equivalent to plaintext passwords because you can type in your crypted password to authenticate yourself) but it will allow you to migrate to all-crypted, at which point you can turn off the plaintext matching. If you're using a modern crypt() you can improve the security by checking the format of the stored password and not allowing plaintext matches for passowrds that appear to be crypted. Tony. -- <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> http://dotat.at/ ${sg{\N${sg{\ N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\ \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}} -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
