On 05/09/2017 22:45, RjOllos wrote:


On Tuesday, September 5, 2017 at 1:29:38 PM UTC-7, Nicolas MARTIN wrote:

    What does the following yield on your system?
    >>> from passlib.apps import custom_app_context as passlib_ctxt
    >>> passlib_ctxt.policy.schemes()
    ['sha512_crypt', 'sha256_crypt']

    Seems to be a dead-end because passlib was not installed when we
    initially moved to AccountManager to handle the server authentication.
    Anyway, I have installed passlib-1.7.1 and I got what we could expect:

    $ python
    Python 2.7.6 (default, Mar 18 2014, 22:18:46)
    [GCC 4.8.2] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    >>> from passlib.apps import custom_app_context as passlib_ctxt
    >>> passlib_ctxt.policy.schemes()
    ['sha512_crypt', 'sha256_crypt']


We needed to be sure that the hashing algorithms are available on your system:
http://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html

$ python
Python 2.7.6 (default, Mar 18 2014, 22:18:46)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from passlib.hash import sha256_crypt
>>> hash = sha256_crypt.hash("password")
>>> hash
'$5$rounds=535000$9a9Y6OmJzEwN0hcM$VmN.XKy2IezFueRtMYxuDx8FLizvzVLlcpCXzoOFjM9'
>>> sha256_crypt.using(rounds=12345).hash("password")
'$5$rounds=12345$3GW9pFS/06AYchFb$nDYB5uiDrsiD7XHxbeUVpHHGvm.SUrPMPVIVYBto/Q.'
>>> sha256_crypt.verify("password", hash)
True
>>> sha256_crypt.verify("letmein", hash)
False
>>> from passlib.hash import sha512_crypt
>>> hash = sha512_crypt.hash("password")
>>> hash
'$6$rounds=656000$0EDxNq0bt17MlHHU$81oKrH4iCIg7q3hpBLatjrUxcKSXVue.srBcU98TA6LWo2LKklAxMeOeuxwLT82AKo7Ti2oSHDe8VQp6Tfn14/'
>>> sha512_crypt.using(rounds=12345).hash("password")
'$6$rounds=12345$ouWDfvOA6Ur6feP1$pfnUTWUHaIbvRXTmju1F1zZ/MzuNOFVIyu8yTUYkDltlI.46GFH/DfQtYlZjrrr2Xh3B.eysNI7oZiJxKDEVS0'
>>> sha512_crypt.verify("password", hash)
True
>>> sha512_crypt.verify("letmein", hash)
False


    This class will use the first available of two possible backends:

    - stdlib crypt(), if the host OS supports SHA256-Crypt (most Linux
      systems).
    - a pure python implementation of SHA256-Crypt built into Passlib


Take a look at the code and there are only about 3 conditions that would lead to not taking the desired branch:
https://trac-hacks.org/browser/accountmanagerplugin/trunk/acct_mgr/pwhash.py?version=16370&marks=118-122#L106

From the information we have, the hashes must not have the proper prefix.

$ grep -o ':\$[^$]*' ~/auth/trac.passwd | sort | uniq -c
   1428 :$1
    182 :$6
      3 :$apr1

'$1' hash passwords are from the previous process with Apache authentication; the '$apr1' ones are a few testing accounts created before we realized with the server administrator that the default hash type 'apr_md5_crypt' will not work to access our SVN repository controlled by a Perl script with crypt() function. Thus we set the hash type to sha512, so '$6' represents new or updated passwords.

I still have a backup of my passwords file just before the switch with all former '$1' hash passwords. Just in case...

$ grep -o ':\$[^$]*' ~/auth/save/trac.passwd.save | sort | uniq -c
   1598 :$1

    For my part, I was able to reset my user password from the
    administration interface without problem.
    Also I realized that the login module crashes in all cases (void,
    wrong or temporary password from email) except of course the good
    one from the hash passwords file.

    Nicolas


There are multiple problems with password reset. AccountManager hasn't been fully adapted to account for username caching in Trac 1.0.2+.
https://trac-hacks.org/ticket/11869
https://trac-hacks.org/ticket/12768

- Ryan
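The prefix census that Ryan's grep pipeline produces is the kind of check an administrator wants to run regularly when a password file mixes schemes, because a "$1"/"$apr1" entry will never be verified by a context that only knows "$5"/"$6", and a SHA-crypt entry with a low rounds= field is weaker than its neighbours. The script below is an added example, not code from this thread, from Trac or from AccountManager: it reproduces the `grep -o ':\$[^$]*' | sort | uniq -c` histogram in pure Python, maps each prefix to the passlib scheme name, and flags legacy schemes and SHA-crypt hashes whose round count falls below a policy minimum. The MIN_ROUNDS threshold, the sample user names and the "$1"/"$apr1" hash bodies are assumptions constructed for the demo; the two SHA-crypt hashes are the ones shown earlier in the thread.

```python
"""Audit hash schemes in an htpasswd-style file (constructed example)."""
import re
from collections import Counter

# Modular-crypt prefixes and the passlib scheme names that handle them.
SCHEME_BY_PREFIX = {
    "$1$": "md5_crypt",
    "$apr1$": "apr_md5_crypt",
    "$5$": "sha256_crypt",
    "$6$": "sha512_crypt",
}
LEGACY_SCHEMES = {"md5_crypt", "apr_md5_crypt"}
SHA_CRYPT_DEFAULT_ROUNDS = 5000  # crypt(3) default when no rounds= field is present
MIN_ROUNDS = 100_000             # assumed local policy threshold, not a passlib value

# $5$ or $6$, optional rounds=N$, salt of up to 16 non-'$' chars, then the digest.
SHA_CRYPT_RE = re.compile(
    r"^\$(?P<id>[56])\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[^$]{1,16})\$(?P<digest>[./0-9A-Za-z]+)$"
)

# Constructed sample file: the $6$ and $5$ hashes are the ones shown in the
# thread; the $1$/$apr1$ bodies and the plaintext entry are placeholders.
SAMPLE_PASSWD = """\
alice:$6$rounds=656000$0EDxNq0bt17MlHHU$81oKrH4iCIg7q3hpBLatjrUxcKSXVue.srBcU98TA6LWo2LKklAxMeOeuxwLT82AKo7Ti2oSHDe8VQp6Tfn14/
bob:$5$rounds=12345$3GW9pFS/06AYchFb$nDYB5uiDrsiD7XHxbeUVpHHGvm.SUrPMPVIVYBto/Q.
carol:$1$saltsalt$PLACEHOLDERmd5cryptbody.
dave:$apr1$saltsalt$PLACEHOLDERapr1body...
erin:plaintextpw
"""


def prefix_histogram(text):
    """Same counts as: grep -o ':\\$[^$]*' file | sort | uniq -c."""
    return Counter(re.findall(r":\$[^$]*", text))


def identify_scheme(hash_str):
    """Map a hash string to its passlib scheme name by modular-crypt prefix."""
    for prefix, scheme in SCHEME_BY_PREFIX.items():
        if hash_str.startswith(prefix):
            return scheme
    return "unknown"


def sha_crypt_rounds(hash_str):
    """Return the effective rounds of a $5$/$6$ hash, or None if malformed."""
    m = SHA_CRYPT_RE.match(hash_str)
    if not m:
        return None
    return int(m.group("rounds")) if m.group("rounds") else SHA_CRYPT_DEFAULT_ROUNDS


def parse_passwd(text):
    """Yield (user, hash) pairs; blank lines and '#' comments are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_str = line.partition(":")
        if not sep:
            raise ValueError("line %d has no ':' separator" % lineno)
        entries.append((user, hash_str))
    return entries


def audit(text, min_rounds=MIN_ROUNDS):
    """Return (scheme counts, findings); findings are (user, scheme, reason)."""
    counts = Counter()
    findings = []
    for user, hash_str in parse_passwd(text):
        scheme = identify_scheme(hash_str)
        counts[scheme] += 1
        if scheme in LEGACY_SCHEMES:
            findings.append((user, scheme, "legacy scheme; rehash on next login"))
        elif scheme in ("sha256_crypt", "sha512_crypt"):
            rounds = sha_crypt_rounds(hash_str)
            if rounds is None:
                findings.append((user, scheme, "malformed SHA-crypt hash"))
            elif rounds < min_rounds:
                findings.append((user, scheme,
                                 "rounds=%d below policy minimum %d" % (rounds, min_rounds)))
        else:
            findings.append((user, scheme, "unrecognised hash format"))
    return counts, findings


if __name__ == "__main__":
    for prefix, n in sorted(prefix_histogram(SAMPLE_PASSWD).items()):
        print("%7d %s" % (n, prefix))
    counts, findings = audit(SAMPLE_PASSWD)
    print(dict(counts))
    for user, scheme, reason in findings:
        print("%-6s %-14s %s" % (user, scheme, reason))
```

Running it on a real file means replacing SAMPLE_PASSWD with the file's contents; the histogram alone tells you whether a login failure is a prefix problem (entries outside the schemes the verifying context accepts), while the findings list tells you which accounts still need a rehash after a scheme change like the md5 to sha512 switch described above.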
