Hi,
I get some info from PHPass but I don't know how use it ;/ any sugestion from your site ? >'p_enc_pkg' => 'Authen::Passphrase::PHPass', >'p_enc_sub' => 'cost', The comment above, the example below, and a bit of googling all show that p_enc_pkg and p_enc_sub are together meant to name a hash function. Your password string will be passed through the function, and the resulting hash value is then managed by RT. The clearest example: >#'p_enc_pkg' => 'Crypt::MySQL', >#'p_enc_sub' => 'password41', Crypt::MySQL::password41() is a function to which you pass a password string and it returns a hash. For example, password41("hunter2") returns "*58815970BE77B3720276F63DB198B1FA42E5CC02". Authen::Passphrase::PHPass::cost is not a hashing function. It's not meant to be called as a standalone function at all. It's the implementation of the ->cost method on the Authen::Passphrase::PHPass class, and so expects to be passed an A:P:PHPass object, not a string. A:P:PHPass doesn't actually expose the hash function on its own, so you can't use it this way. In fact, the PHPass hash algorithm *can't* be properly used by RT, because it takes a salt input, and apparently RT can't perform salting. (There's a p_salt parameter, which appears to be a *fixed* salt, defeating the purpose.) You could write a wrapper function around A:P:PHPass that creates a recogniser for a supplied password and then just extracts the hash. The wrapper would have to fix the cost parameter and the salt. It looks like this: use Authen::Passphrase::PHPass (); sub phpass_10_aaaaaaaa($) { return Authen::Passphrase::PHPass->new( cost=>10, passphrase=>$_[0], salt=>"aaaaaaaa", )->hash_base64; } phpass_10_aaaaaaaa("hunter2") returns "LvYU3dRamxKB1.lRa4ow1/". *This* is a hash function and could be used by RT via p_enc_pkg and p_enc_sub. It's a bit of an abstraction inversion to use A:P:PHPass just for its hash function. If A:P:PHPass were wrapping some other module that just provides the hash then I'd point you at the other module. Most A:P modules do this, such as A:P:MySQL323 wrapping Crypt::MySQL. But A:P:PHPass implements the hash itself. Also, if there were a module exposing the PHPass algorithm on its own, you'd still have to write a wrapper, because of the cost parameter that RT has no idea how to handle. 2011/11/16 Adrian Stel <adisa...@gmail.com>: > Hi, > > > DBI.pm > this is the place with p_enc_sub: > > > sub GetAuth { > > my ($service, $username, $password) = @_; > > my $config = $RT::ExternalSettings->{$service}; > $RT::Logger->debug( "Trying external auth service:",$service); > > my $db_table = $config->{'table'}; > my $db_u_field = $config->{'u_field'}; > my $db_p_field = $config->{'p_field'}; > my $db_p_enc_pkg = $config->{'p_enc_pkg'}; > my $db_p_enc_sub = $config->{'p_enc_sub'}; > my $db_p_salt = $config->{'p_salt'}; > > > > Place where the password is submitted to that method as a string parameter. > > In my opinion could be here: > > # Get the user's password from the database query result > my $pass_from_db = $results_hashref->{$username}->{$db_p_field}; > > # This is the encryption package & subroutine passed in by the config file > $RT::Logger->debug( "Encryption Package:", > $db_p_enc_pkg); > $RT::Logger->debug( "Encryption Subroutine:", > $db_p_enc_sub); > > # Use config info to auto-load the perl package needed for > password encryption > # I know it uses a string eval - but I don't think there's a > better way to do this > # Jump to next external authentication service on failure > eval "require $db_p_enc_pkg" or > $RT::Logger->error("AUTH FAILED, Couldn't Load Password > Encryption Package. Error: $@") && return 0; > > my $encrypt = $db_p_enc_pkg->can($db_p_enc_sub); > if (defined($encrypt)) { > # If the package given can perform the subroutine given, then > use it to compare the > # password given with the password pulled from the database. > # Jump to the next external authentication service if they don't match > if(defined($db_p_salt)) { > $RT::Logger->debug("Using salt:",$db_p_salt); > if(${encrypt}->($password,$db_p_salt) ne $pass_from_db){ > $RT::Logger->info( $service, > "AUTH FAILED", > $username, > "Password Incorrect"); > return 0; > } > } else { > if(${encrypt}->($password) ne $pass_from_db){ > $RT::Logger->info( $service, > "AUTH FAILED", > $username, > "Password Incorrect"); > return 0; > } > } > } else { > # If the encryption package can't perform the request subroutine, > # dump an error and jump to the next external authentication service. > $RT::Logger->error($service, > "AUTH FAILED", > "The encryption package you gave me (", > $db_p_enc_pkg, > ") does not support the encryption method > you specified (", > $db_p_enc_sub, > ")"); > return 0; > } > > > But i'm not shure where exactly. And how I can convert string to hash. > > I'm not familiar with perl ;/ > > > > Best > Adrian > > 2011/11/15 Zordrak <zord...@tpa.me.uk>: >> Adrian Stel wrote: >>> Hi, >>> >>> >>> Can't use string ("user password") as a HASH ref while "strict refs" >>> in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm >>> line 278. >>> >>> Problem is with type of user password. >>> >>> Still need to know where I should search. >> >> Search for the text "p_enc_sub". There's only one place it should be >> defined and it will be very close to where the password is submitted to >> that method as a string parameter. >> -- >> Zordrak >> zord...@tpa.me.uk >> >> > > > > -- > Pozdrawiam > Adrian Stelmaszyk > -- Pozdrawiam Adrian Stelmaszyk -------- RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 & 29, 2011