add compatibility with glibc2 MD5-based crypt passwords
|Reported by:||Antti Kaihola||Owned by:||nobody|
|Severity:||Normal||Keywords:||auth password crypt mp5|
|Cc:||philipp@…||Triage Stage:||Design decision needed|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Many systems use MD5-based crypt shadow passwords (see e.g.
man 3 crypt or its on-line version, under heading "GNU Extension"). This extension to the crypt library prefixes the encrypted password with "
$1$<8-character-salt>$" instead of the 2-character salt.
Django uses dollar signs (
$) to delimit the algorithm, salt and encrypted password in the
contrib.auth.models.User.password string. The choice of delimiter collides with glibc2 crypt. Apart from that MD5 crypt passwords should just work with the current code.
I bumped into this in a project where I need to move a number of Linux user accounts along with their passwords to Django.
The first solution which comes to mind is to add another algorithm name, e.g. "md5-crypt", and add its own splitting parser to replace the current one.
Change History (11)
comment:1 Changed 9 years ago by
|Patch needs improvement:||unset|