[Zope] Re: PAS and md5 or crypt passwords

Robert (Jamie) Munro jamie at textmatters.com
Thu Oct 12 14:03:28 EDT 2006

Tres Seaver wrote:
> Robert (Jamie) Munro wrote:
>>> How do you use md5 passwords in PAS?
>>> I've got an SQL database already populated with usernames and md5
>>> passwords from an old system that I am replacing - I don't have the
>>> cleartext passwords.
> You write an authentication plugin which takes the credentials as keys
> in a dict (e.g., 'login_name', 'password'), encrypts the password using
> the same algorithm as your old system, and then compares them.  E.g.,
> (untested)::
>   import md5
>   PASSWORD_TEST_SQL = ("select * from users where login_name = '%s' "
>                        "and encrypted_pw = '%s'")
>   def authenticateCredentials(self, credentials):
>       login = credentials['login']
>       clear = credentials['password']
>       encrypted = md5.new(clear).hexdigest() # or whatever
>       matched = self._execSQL(PASSWORD_TEST_SQL % (login, encrypted))
>       if matched:
>          return matched[0]['userid'], login
>       return {}

I've edited GMailAuthPlugin, renamed it MD5AuthPlugin, added that code
and removed the google specific code. It doesn't give any errors, but it
also doesn't let me log in. I've tried adding a line to log things, but
that doesn't seem to be working either.

      LOG("MD5AuthPlugin", INFO, "Login attempt: login: %s, clear: %s,
encrypted: %s" % (login,clear,encrypted))

Any ideas?


Robert (Jamie) Munro

More information about the Zope mailing list