Hello,
I am working on external authentication for users. Can someone let me know what encryption method is used to store passwords in users table pls? Is it MD5 or Sha1?
Thanks.
Best Regards
Chetan
Password storage method
Moderator: crythias
-
chetannagaonkar
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Password storage method
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
Re: Password storage method
for external Authentication like htpasswd, LDAP, SSL Client Certificates you don't need the passwords of the user table
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
chetannagaonkar
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: Password storage method
Thanks for the quick reply, Jojo. I am using it for external reports developed. I would like the users who have Stats permissions to access the repors. I tried using md5 and SHA1 methods. None of them work.
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
-
chetannagaonkar
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: Password storage method
Hasn't anyone come across this? Can someone let me know at least what method is used or if it is not possible to decrypt the agents passwords pls?
Chetan
Chetan
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
Re: Password storage method
You can not decrypt the passwords with "nomal" methods as they are stored as salted md5. You can switch to store them as plaintext, but this will be a security issue.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
chetannagaonkar
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: Password storage method
Thanks jojo. So, if I use salted md5 method to decrypt, would that suffice?
Chetan
Chetan
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
Re: Password storage method
you can not decrypt md5
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
chetannagaonkar
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: Password storage method
Thanks, jojo. In that case, is there a way to authenticate agent and if he has access to Stats group?
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate