[Koha-bugs] [Bug 9611] Changing the password hashing algorithm from MD5 to more secure Bcrypt

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Thu Oct 3 16:22:05 CEST 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9611

--- Comment #83 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
Created attachment 21772
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21772&action=edit
bug_9611: use hash_password() and checkpw_* instead of md5 hash

Test:

* LDAP:
- Turn on LDAP auth in koha-config.xml. Sset "update" in your server config to
1
- Change user's password on LDAP
- Login to Koha using LDAP - Koha password should be updated, to check
- Turn off LDAP auth in koha-config.xml
- You should be ble to log in with the new password

I do not have a LDAP facility, so I cheated. I ran
perl -e 'use C4::Auth_with_ldap;
C4::Auth_with_ldap::_do_changepassword("srdjan", 1000022259, "srdjan");'
and was able to change the password.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Work as described.

Test
1) change <useldapserver> to 1
2) copy/paste sample <ldapserver> config from perldoc C4/Auth_with_ldap
3) using sample script was able to change password,
use (userid, borrowernumber, newpass) as arguments
4) checked with OPAC and in database

-- 
You are receiving this mail because:
You are watching all bug changes.


More information about the Koha-bugs mailing list