I've modified pwhash.py but I'm still facing the issue.
Now I'm trying to analyse this in a different way, to see why the procedure doesn't work now (changes in Trac or the server) or if the problem dates back to the authentication switch. In particular, I found that most of the 'password_reset' entries for newly created accounts are still in the 'session_attribute' SQL datatable. Would they not have been removed after the first connection with the personalized password?
The situation is a bit critical because I can still create an account, but I no longer have a secure way to transmit the access. Any hint?
Nicolas

On 06/09/2017 00:36, RjOllos wrote:

On Tuesday, September 5, 2017 at 3:09:40 PM UTC-7, Nicolas MARTIN wrote:

From the information we have the hashes must not have the proper prefix.

$ grep -o ':\$[^$]*' ~/auth/trac.passwd | sort | uniq -c
1428 :$1
182 :$6
3 :$apr1

'$1' hash passwords are from the previous process with Apache authentication, '$apr1' few testing accounts before we realized with the server administrator that the default hash type 'apr_md5_crypt' will not work to access our SVN repository controlled by a Perl script with crypt() function. Thus we set the hash type to sha512 so '$6' represents new or updated passwords. I still have a backup of my passwords file just before the switch with all former '$1' hash passwords. Just in case...

$ grep -o ':\$[^$]*' ~/auth/save/trac.passwd.save | sort | uniq -c
1598 :$1

I assume you wouldn't see the traceback if you changed your password to sha512 and then tried to change it again. That is, the issue is only seen when changing from a MD5 to sha512 password.

You could try the following patch:

Index: acct_mgr/pwhash.py =================================================================== --- acct_mgr/pwhash.py (revision 16783) +++ acct_mgr/pwhash.py (working copy) @@ -113,6 +113,8 @@ if hash.startswith('$apr1$'): return md5crypt(password, hash[6:].split('$')[0], '$apr1$') + elif hash.startswith('$1$'): + return md5crypt(password, hash[3:].split('$')[0]) elif hash.startswith('{SHA}'):return '{SHA}' + hashlib.sha1(password).digest().encode('base64')[:-1]elif passlib_ctxt is not None and hash.startswith('$5$') and \

- Ryan
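Review bot: The added '$1$' branch calls md5crypt without a magic argument, while the '$apr1$' branch directly above passes '$apr1$' explicitly, so the new branch only produces a '$1$'-prefixed result if that is md5crypt's default, which this hunk does not show. Passing '$1$' explicitly as the third argument would make the two branches symmetric and remove the dependency on the default. The salt is taken as hash[3:].split('$')[0] with no check that it is non-empty, so a truncated entry such as a bare '$1$' would be hashed with an empty salt rather than rejected. A short comment saying that this branch exists only to verify legacy MD5-crypt entries would also help, and a test case with a known '$1$' hash would show that the comparison now succeeds.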
