[bugs] [Bug 1090] New - passwd module half broke

bugs@bugs.horde.org bugs@bugs.horde.org
Wed Oct 23 20:36:15 2002


http://bugs.horde.org/show_bug.cgi?id=1090

*** shadow/1090	Wed Oct 23 16:36:14 2002
--- shadow/1090.tmp.26712	Wed Oct 23 16:36:14 2002
***************
*** 0 ****
--- 1,36 ----
+ Bug#: 1090
+ Product: Horde
+ Version: 2.1 Unstable
+ Platform: PHP Code
+ OS/Version: Linux
+ Status: NEW   
+ Resolution: 
+ Severity: normal
+ Priority: P2
+ Component: Core
+ Area: BUILD
+ AssignedTo: chuck@horde.org                            
+ ReportedBy: aaroncollins@gtcinternet.com               
+ URL: 
+ Summary: passwd module half broke
+ 
+ When using the passwd module, I've noticed, that if I change a passwd, and log
+ out and then log back in, it will change my passwd correctly, but If I go to
+ change it again, it says the my old passwd was incorrect.  Now I beleive that
+ this happens due to a bug in the php crypt function, if you dont give it a salt
+ it creates it's own, I've found that if it creates it's own, it usually uses a
+ really long salt, when it needs to use a 2 byte salt.  The way that I got around
+ this was by editing ldap.php in the /var/www/horde/passwd/lib/Driver directory
+ and change line 114 to give it's own 2byte random salt like so
+ $change_info["userPassword"] = "{crypt}" . crypt($newPassword, 'rand()rand()');
+ 
+ I've only tested this on my own box, here is my setup
+ Linux SuSe 7.3 2.4.10-64GB-SMP #1 SMP Fri Sep 28 17:26:36 GMT 2001 i686 unknown
+ I'm using PHP-4.2.3, with the following includes
+ ./configure --with-gettext --with-imap --with-ldap --with-mysql --with-xml
+ --with-apxs --with-mcrypt
+ I also use ldap for the passwd module.
+ 
+ Signed,
+ Aaron Collins
+ acollins@gtcinternet.com