Tickets :: [#12962] Encrypted MySQL Password

6.0.0-beta1

7/12/25

Summary	Encrypted MySQL Password
Queue	Horde Framework Packages
Queue Version	Git master
Type	Enhancement
State	Resolved
Priority	1. Low
Owners	jan (at) horde (dot) org
Requester	stwagner (at) openst (dot) de
Created	02/10/2014 (4170 days ago)
Due
Updated	02/11/2014 (4169 days ago)
Assigned
Resolved	02/10/2014 (4170 days ago)
Milestone
Patch	Yes

02/11/2014 11:17:50 AM	Git Commit	Comment #7	Reply to this comment
Changes have been made in Git (master): commit 75657c76f8ea67ca56d588b7bd81f0dd38628131 Author: Jan Schneider <jan@horde.org> Date: Tue Feb 11 12:17:32 2014 +0100 [jan] Add mysql encryption option for SQL backends (~~Request #12962~~). horde/config/conf.xml \| 2 ++ horde/docs/CHANGES \| 1 + horde/package.xml \| 1 + 3 files changed, 4 insertions(+), 0 deletions(-) http://git.horde.org/horde-git/-/commit/75657c76f8ea67ca56d588b7bd81f0dd38628131

02/10/2014 07:57:51 PM	stwagner (at) openst (dot) de	Comment #6	Reply to this comment
Thanks a lot! Would it mind you to push something like Use 'mysql' if the passwords are stored by using the password() function of MySQL (MySQL Version >=4.1). into documentation (horde/passwd/docs/INSTALL, line 234)?

02/10/2014 05:14:51 PM	Jan Schneider	Assigned to Jan Schneider State ⇒ Resolved

02/10/2014 05:14:44 PM	Git Commit	Comment #5	Reply to this comment
Changes have been made in Git (master): commit 4a1a64dd1cc9236bb6853dc07efb77244a5430a8 Author: Jan Schneider <jan@horde.org> Date: Mon Feb 10 18:13:57 2014 +0100 [jan] Add MySQL password hashing (~~Request #12962~~). framework/Auth/lib/Horde/Auth.php \| 4 ++++ framework/Auth/package.xml \| 2 ++ framework/Auth/test/Horde/Auth/TestCase.php \| Bin 2220 -> 2297 bytes 3 files changed, 6 insertions(+), 0 deletions(-) http://git.horde.org/horde-git/-/commit/4a1a64dd1cc9236bb6853dc07efb77244a5430a8

02/10/2014 05:14:29 PM	Jan Schneider	Version ⇒ Git master Queue ⇒ Horde Framework Packages

02/10/2014 04:09:44 PM	stwagner (at) openst (dot) de	Comment #4	Reply to this comment
The "new" MySQL password hash method (>= MySQL 4.1).

02/10/2014 03:59:20 PM	Jan Schneider	Comment #3 State ⇒ Feedback	Reply to this comment
Which password hashing method are you talking about? The old or the new hashing method?

02/10/2014 02:04:32 PM	stwagner (at) openst (dot) de	Comment #2 New Attachment: horde-Auth.mysql.php.patch	Reply to this comment
Patch now attached.

02/10/2014 02:03:35 PM	stwagner (at) openst (dot) de	Comment #1 Priority ⇒ 1. Low Type ⇒ Enhancement Summary ⇒ Encrypted MySQL Password Queue ⇒ Passwd Milestone ⇒ Patch ⇒ Yes State ⇒ New	Reply to this comment
It seems that there is no configuration option if passwords stored within an MySQL database and the passwords are encrypted by MySQLs password function. The check of old password fail because, of missing algorithm that matches MySQLs password(). I propose to extend the getCryptedPassword function of Auth.php class with a MySQL password hash function (PHP-based). MySQL passwords are then supported by the encryption option 'mysql' in the 'sql' section of backends.php. Patch attached.