You'll have to do this:

When a user logs in, check both crypt("password-salt") and
crypt("salt-password") and log them in if either matches. Once you have a
matching user, re-save the crypted password using the scheme you want to
use. The double-checking code will probably have to stay in the code forever
unless it's a very small site.

Martin Emde
Tw: @martinemde
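
The check-both-then-re-save approach described in the reply above, as an added Ruby example that is not part of the original message. The SHA-256 `crypt` stand-in, the `User` struct, its `scheme` field, and the choice of "password-salt" as the ordering to keep are all assumptions made for illustration.

```ruby
require "digest"
require "securerandom"

# Stand-in for the site's existing crypt function (assumption: the thread
# does not say which hash is in use).
def crypt(input)
  Digest::SHA256.hexdigest(input)
end

# Constant-time comparison so the check does not leak where digests differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical user record; :scheme tracks which ordering produced :crypted.
User = Struct.new(:login, :salt, :crypted, :scheme)

# Returns :ok, :migrated or :denied.
def authenticate(user, password)
  wanted = crypt("#{password}-#{user.salt}") # ordering we want to keep (assumed)
  legacy = crypt("#{user.salt}-#{password}") # ordering left behind by the rebuild
  wanted_ok = secure_equal?(wanted, user.crypted)
  legacy_ok = secure_equal?(legacy, user.crypted)
  return :ok if wanted_ok
  return :denied unless legacy_ok
  # Legacy match: the plaintext is only available at login, so re-save now.
  user.salt = SecureRandom.hex(16)
  user.crypted = crypt("#{password}-#{user.salt}")
  user.scheme = :wanted
  :migrated
end

# How many accounts still need the double check before it can be removed.
def legacy_remaining(users)
  users.count { |u| u.scheme == :legacy }
end

# Constructed sample data: one account saved each way.
def sample_users
  [User.new("alice", "s1", crypt("pw-alice-s1"), :wanted),
   User.new("bob", "s2", crypt("s2-pw-bob"), :legacy)]
end
```

Counting the remaining legacy rows shows when the double-checking branch can finally be dropped.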


On Fri, Dec 25, 2009 at 11:29 AM, Nic Benders <[email protected]> wrote:

> Wait, what?
>
> What kind of password "database"?  Unix passwd+shadow?  LDAP?  Something
> else entirely?
>
> On Dec 24, 2009, at 12:51 PM, Sean McGilvray wrote:
>
> > Is it possible to reset both the password and salt?  I have a server
> > that had to be rebuilt from scratch.  When the database was rebuilt I
> > believe that the salt and password fields got switched and now there
> > are new users created the correct way but all the old users can no
> > longer log in.
> >
> > Thanks,
> >
> > Sean
> >
> > --
> > SD Ruby mailing list
> > [email protected]
> > http://groups.google.com/group/sdruby
>
