Le samedi 1 mai 2010 20:57:22, Amos Jeffries a écrit :
> Luis Daniel Lucio Quiroz wrote:
> > Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit :
> >> Luis Daniel Lucio Quiroz wrote:
> >>> Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit :
> >>>> Luis Daniel Lucio Quiroz wrote:
> >>>>> Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit :
> >>>>>> HI all
> >>>>>>
> >>>>>> As a requirement of one client, he wants to use joomla user database
> >>>>>> to let squid authenticate.
> >>>>>>
> >>>>>> I did patch squid_db_auth that Henrik has written in order to
> >>>>>> support joomla hash conditions.
> >>>>>>
> >>>>>> I did add one usefull option to script
> >>>>>>
> >>>>>> --joomla
> >>>>>>
> >>>>>> in order to activate joomla hashing. Other options are identical.
> >>>>>> Please test :)
> >>>>>>
> >>>>>> Ammos, I'd like if you can include this in 3.1.2
> >>>>
> >>>> Mumble.
> >>>>
> >>>> How do other users feel about it? Useful enough to cross the security
> >>>> bugs and regressions only freeze?
> >>>>
> >>>>>> LD
> >>>>>
> >>>>> I have a typo in
> >>>>> my salt
> >>>>>
> >>>>> should be
> >>>>> my $salt
> >>>>>
> >>>>> sorry
> >>>>
> >>>> Can you make the option --md5 instead please?
> >>>>
> >>>> Possibilities are not limited to Joomla and they may change someday.
> >>>>
> >>>> The option needs to be added to the documentation sections of the
> >>>> helper as well.
> >>>>
> >>>> Amos
> >>>
> >>> I dont get you about "cross the security",
> >>
> >> 3.1 is under feature freeze. Anything not a security fix or regression
> >> needs to have some good reasons to be committed.
> >>
> >> I'm trying to stick to the freeze a little more with 3.1 than with 3.0,
> >> to get back into the habit of it. Particularly since we look like having
> >> a good foothold on the track for 12-month releases now.
> >>
> >>> what i did is that --joomla flag do diferent sql request and because
> >>> joomla hass is like this:
> >>> hash:salt
> >>> i did split and compare. by default joomla uses md5 (i'm not a joomla
> >>> master, i dont know when joomla uses other hashings)
> >>
> >> I intend to use this auth helper myself for other systems, and there are
> >> others who ask about a DB helper occasionally.
> >>
> >>
> >> Taking a better look at your changes ...
> >>
> >> The first one: db_conf = "block = 0" seems to be useless. All it does
> >> is hard-code a different default value for the --cond option.
> >>
> >> For Joomla the squid.conf should instead contain:
> >> --cond " block=0 "
> >>
> >> Which leaves the salted/non-salted hash change.
> >>
> >> Adding this:
> >> --salt-delimiter D
> >>
> >> To configure character(s) between the hash and salt values. Will not to
> >> lock people into the specific Joomla syntax of colon. There are
> >> examples and tutorials out there for app design that use other
> >> delimiters.
> >>
> >> Doing both of those changes Joomla would be configured with:
> >> ... --cond " block=0 " --salt-delimiter ":"
> >>>
> >>> if you want, latter i may add also --md5 to store md5 password, and
> >>> --digest- auth to support diggest authentication :) but later jejeje
> >>
> >> Amos
> >
> > HI
> > i've just update my patch to fit 3.1.2
> >
> >
> > I hope this could be included since it is based on todays snapshot.
> >
> > Regards,
> >
> > LD
>
> Thank you.
>
> You still have the --joomla flag. I thought you agreed to call it
> something like the --salt and take the delim character ?
>
> Amos
Amos,
the fact is that joomla breaks common format in salt
normaly in unix forma should be
salt:crypted_password, what ever the seperator is, $ for example
but in joomla is quite differente
crypted:password:salt (always : as separator), joomla in its code can soppurt
diferente crypt schemas but it laks on a gui to change it, i fyou want to
change joomla schema you must hack code (i did already to change it, thats
whay i know that).
I will add --salt separator also, but i'd prefere to keep --joomla because
this reason i have told
This monday i will publish patch then :) (monday my time, i'm gmt-6)
Regards,
LD
Received on Sun May 02 2010 - 17:56:27 MDT
This archive was generated by hypermail 2.2.0 : Mon May 03 2010 - 12:00:03 MDT