[sork] passwd and md5 in CVS HEAD

Amith Varghese amith at xalan.com
Sat Dec 14 23:48:54 PST 2002


A little while ago when Passwd got modified to support different backends, the 
md5 encryption scheme got changed to use PHP's internal MD5 function.  
However, this seems to break password changing on OpenLDAP servers.  If I 
change it back to the scheme that I originally had submitted everything works 
fine.  So for example in the current Driver.php this code exists:

case "md5":
                $newPassword = md5($newPassword);

However when the password gets changed, I am unable to log in at all using the 
new password.  When I change that line to:

$newPassword = "{MD5}" . base64_encode(mHash(MHASH_MD5, $newPassword));

I can change the password, log out, and then log back in fine.  In addition I 
used the ldappasswd utility to change the password after it gets messed up with 
md5().  When I use ldappasswd, the password that is generated matches the one 
that mhash generates, but not PHP's md5 function.  I looked at the PHP docs and 
I am really not sure what the difference is between the two.  I've also tried 
base64 encoding the results from md5() and prepending the {MD5} string but that 
hasn't fixed anything.  I'm proposing that the md5 encryption scheme should be 
changed back to the original mhash method unless someone who uses md5 has it 
working correctly with HEAD.

Index: Driver.php
===================================================================
RCS file: /repository/passwd/lib/Driver.php,v
retrieving revision 1.7
diff -u -r1.7 Driver.php
--- Driver.php  5 Dec 2002 23:10:27 -0000       1.7
+++ Driver.php  15 Dec 2002 04:44:48 -0000
@@ -153,7 +153,7 @@
                 $newPassword = "{crypt}" . crypt($newPassword);
                 break;
             case "md5":
-                $newPassword = md5($newPassword);
+                $newPassword = "{MD5}" . base64_encode(mHash(MHASH_MD5, $newPas
sword));
                 break;
             case "ssha":
                 $salt = mhash_keygen_s2k(MHASH_SHA1,$newPassword,substr(pack("h
*",md5(mt_rand())),0,8),4);
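
Review bot: the replaced line in the "md5" case changes the stored format for every backend that goes through this switch in lib/Driver.php, not only LDAP: the 32-character hex string from md5() becomes "{MD5}" plus base64 of the raw digest, so a backend that stores or compares the hex form would stop matching. Consider keeping "md5" as the hex form and adding a separate case for the LDAP userPassword form, or choosing the encoding in the LDAP backend itself. The new line also carries no comment saying why mhash is used instead of md5(); one line noting that the directory expects base64 of the 16 raw digest bytes would keep it from being simplified back. Minor style point: spell the call mhash() to match mhash_keygen_s2k() in the "ssha" case below.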


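The three encodings compared in the message above, as an added example (not part of the original post or of the Passwd code; the function names are hypothetical and the password is a constructed sample). It relies on the fact that the {MD5} userPassword scheme holds base64 of the 16 raw digest bytes, which is what mhash() returns, while md5() returns 32 hex characters.

```php
<?php
// Added illustration only; helper names are hypothetical, not from Passwd.

// 1. md5() as used in revision 1.7: 32 hex characters, no scheme prefix.
function md5_hex($pw) {
    return md5($pw);
}

// 2. Base64 of the hex *string* with the prefix: the variant the post
//    reports trying without success. It encodes 32 bytes, not 16.
function md5_b64_of_hex($pw) {
    return '{MD5}' . base64_encode(md5($pw));
}

// 3. Base64 of the raw digest. pack('H*', ...) turns the hex string back
//    into the 16 bytes that mhash(MHASH_MD5, ...) would have returned.
function md5_ldap($pw) {
    return '{MD5}' . base64_encode(pack('H*', md5($pw)));
}

// Check a candidate password against a stored value the way the {MD5}
// scheme is defined: strip the prefix, decode, compare 16 raw bytes.
function check_ldap_md5($stored, $candidate) {
    if (strncasecmp($stored, '{MD5}', 5) !== 0) {
        return false;               // no scheme prefix
    }
    $digest = base64_decode(substr($stored, 5), true);
    if ($digest === false || strlen($digest) !== 16) {
        return false;               // not a 16-byte MD5 digest
    }
    return hash_equals($digest, md5($candidate, true));
}

$password = 'secret';               // constructed sample value
$variants = array(
    'md5() hex'           => md5_hex($password),
    'base64 of hex'       => md5_b64_of_hex($password),
    'base64 of raw bytes' => md5_ldap($password),
);

foreach ($variants as $label => $stored) {
    printf("%-20s %-52s %s\n", $label, $stored,
        check_ldap_md5($stored, $password) ? 'verifies' : 'rejected');
}
```

Only the third form decodes to a 16-byte digest, which is why the first two leave the account unable to log in.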