[sork] passwd and md5 in CVS HEAD
Amith Varghese
amith at xalan.com
Sat Dec 14 23:48:54 PST 2002
A little while ago when Passwd got modified to support different backends, the
md5 encryption scheme got changed to use use PHP's internal MD5 function.
However, this seems to break password changing on OpenLDAP servers. If i
change it back to the scheme that I originally had submitted everything works
fine. So for example in the current Driver.php this code exists:
case "md5":
$newPassword = md5($newPassword);
However when the password gets changed, I am unable to log in at all using the
new password. When I change that line to:
$newPassword = "{MD5}" . base64_encode(mHash(MHASH_MD5, $newPa
ssword));
i can change the password, log out, and then log back in fine. In addition I
used the ldappasswd utility to change the password after it gets messed up with
md5(). When I use ldappasswd, the password that is generated matches the one
that mhash generates, but not PHP's md5 function. I looked at the PHP docs and
I am really not sure what the difference is between the two. I've also tried
base64 encoding the results from md5() and prepending the {MD5} string but that
hasn't fixed anything. I'm proposing that the md5 encryption scheme should be
changed back to the original mhash method unless someone who uses md5 has is
working correctly with HEAD.
Index: Driver.php
===================================================================
RCS file: /repository/passwd/lib/Driver.php,v
retrieving revision 1.7
diff -u -r1.7 Driver.php
--- Driver.php 5 Dec 2002 23:10:27 -0000 1.7
+++ Driver.php 15 Dec 2002 04:44:48 -0000
@@ -153,7 +153,7 @@
$newPassword = "{crypt}" . crypt($newPassword);
break;
case "md5":
- $newPassword = md5($newPassword);
+ $newPassword = "{MD5}" . base64_encode(mHash(MHASH_MD5, $newPas
sword));
break;
case "ssha":
$salt = mhash_keygen_s2k(MHASH_SHA1,$newPassword,substr(pack("h
*",md5(mt_rand())),0,8),4);
More information about the sork
mailing list