Hi all ;-) I am really happy with the bcrypt password hashing mechanism that Martin and me added to OTRS 3.3.
That said, one thing that is not so nice is that passwords which already exists are not upgraded. Of course, for upgrading we would need the plain password. So what we could do is, when a user logs in, compare the encryption mechanism of the password hash with the configured password mechanism in the configuration. If the mechanism is not the same, the pasword is set again but now with the new mechanism. I created a small patch for this, does it sound sane? If so, I'll send a pull request with the code. -- Mike
_______________________________________________ OTRS mailing list: dev - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/dev To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev