[#12962] Encrypted MySQL Password
Summary Encrypted MySQL Password
Queue Horde Framework Packages
Queue Version Git master
Type Enhancement
State Resolved
Priority 1. Low
Owners jan@horde.org
Requester stwagner@openst.de
Created 2014-02-10 (2347 days ago)
Updated 2014-02-11 (2346 days ago)
Resolved 2014-02-10 (2347 days ago)
Patch Yes

stwagner@openst.de 2014-02-10 14:03:35
It seems that there is no configuration option if passwords stored 
within an MySQL database and the passwords are encrypted by MySQLs 
password function.
The check of old password fail because, of missing algorithm that 
matches MySQLs password().

I propose to extend the getCryptedPassword function of Auth.php class 
with a MySQL password hash function (PHP-based). MySQL passwords are 
then supported by the encryption option 'mysql' in the 'sql' section 
of backends.php.

Patch attached.

stwagner@openst.de 2014-02-10 14:04:32
Patch now attached.

Jan Schneider <jan@horde.org> 2014-02-10 15:59:20
Which password hashing method are you talking about? The old or the 
new hashing method?

stwagner@openst.de 2014-02-10 16:09:44
The "new" MySQL password  hash method (>= MySQL 4.1).

Git Commit <commits@lists.horde.org> 2014-02-10 17:14:44
Changes have been made in Git (master):

commit 4a1a64dd1cc9236bb6853dc07efb77244a5430a8
Author: Jan Schneider <jan@horde.org>
Date:   Mon Feb 10 18:13:57 2014 +0100

     [jan] Add MySQL password hashing (Request #12962).

  framework/Auth/lib/Horde/Auth.php           |    4 ++++
  framework/Auth/package.xml                  |    2 ++
  framework/Auth/test/Horde/Auth/TestCase.php |  Bin 2220 -> 2297 bytes
  3 files changed, 6 insertions(+), 0 deletions(-)


stwagner@openst.de 2014-02-10 19:57:51
Thanks a lot!
Would it mind you to push something like

Use 'mysql' if the passwords are stored by using the password() 
function of MySQL (MySQL Version >=4.1).

into documentation (horde/passwd/docs/INSTALL, line 234)?

Git Commit <commits@lists.horde.org> 2014-02-11 11:17:50
Changes have been made in Git (master):

commit 75657c76f8ea67ca56d588b7bd81f0dd38628131
Author: Jan Schneider <jan@horde.org>
Date:   Tue Feb 11 12:17:32 2014 +0100

     [jan] Add mysql encryption option for SQL backends (Request #12962).

  horde/config/conf.xml |    2 ++
  horde/docs/CHANGES    |    1 +
  horde/package.xml     |    1 +
  3 files changed, 4 insertions(+), 0 deletions(-)