[Zope] Re: PAS and md5 or crypt passwords
Tres Seaver
tseaver at palladion.com
Tue Oct 10 12:26:21 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robert (Jamie) Munro wrote:
> How do you use md5 passwords in PAS?
>
> I've got an SQL database already populated with usernames and md5
> passwords from an old system that I am replacing - I don't have the
> cleartext passwords.
You write an authentication plugin which takes the credentials as keys
in a dict (e.g., 'login_name', 'password'), encrypts the password using
the same algorithm as your old system, and then compares them. E.g.,
(untested)::
import md5
PASSWORD_TEST_SQL = ("select * from users where login_name = '%s' "
"and encrypted_pw = '%s'")
def authenticateCredentials(self, credentials):
login = credentials['login']
clear = credentials['password']
encrypted = md5.new(clear).hexdigest() # or whatever
matched = self._execSQL(PASSWORD_TEST_SQL % (login, encrypted))
if matched:
return matched[0]['userid'], login
return {}
Tres.
- --
===================================================================
Tres Seaver +1 202-558-7113 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFK8mt+gerLs4ltQ4RAsfdAJ9WVfYSFdVKoJLpE66WXDwi6+ssqgCg0yGz
EEMHjFMrCdq0hjcWIhySnXY=
=7L1E
-----END PGP SIGNATURE-----
More information about the Zope
mailing list