I would try to generate crypt passwords for everybody, you can crypt the ones that aren't (the other way back would be difficult...). And I think having all passwords crypted will be more serious...
A Dimarts 31 Maig 2005 17:07, Tony Finch va escriure: > On Tue, 31 May 2005, Gall Anonim wrote: > > I have such problem, that i need to authenticate my users from mysql > > database, some of them have password stored in plaintext. Others have > > crypted. Now I need to autenticate them all, and i cant separate with > > usernames. I need to migrate service and it have to be done > > transparently. > > Try a plaintext match and if that fails try a crypt match? Horribly > insecure (it makes crypted passwords equivalent to plaintext passwords > because you can type in your crypted password to authenticate yourself) > but it will allow you to migrate to all-crypted, at which point you can > turn off the plaintext matching. If you're using a modern crypt() you can > improve the security by checking the format of the stored password and > not allowing plaintext matches for passowrds that appear to be crypted. > > Tony. > -- > <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> http://dotat.at/ ${sg{\N${sg{\ > N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\ > \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}} -- Agust� Rivero [EMAIL PROTECTED] Telf. 902 36 14 84 Ilimit Comunicacions -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
