id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
11912	"check_password() and ""crypt()"" passwords"	nahuel	nobody	"
{{{
In [16]: (hash, salt, pwc) = 'crypt$MW$CXuav1H6.Tw'.split('$')

In [17]: crypt.crypt('bitchou',salt)
Out[17]: 'MWCXuav1H6.Tw'

In [18]: pwc
Out[18]: 'CXuav1H6.Tw'
}}}

As you see, crypt.crypt return the salt+pwc, and not only the ""pwd"", so in django the checked password always return false:
http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py#L39

To fix this, just change the line 45 to:
{{{
    return salt + hsh == get_hexdigest(algo, salt, raw_password) 
}}}

Or perhaps I'm wrong, but I don't think.
"		closed	contrib.auth	1.1		invalid			Unreviewed	0	0	0	0	0	0