Thanks Richard. I had another look, and the database is in fact changing when I do a password reset. The password after reset is sha512 + hmac using the salt specified in the db.py. I checked it in code manually. I tried to find a combination of algorithm that gave me the old hash, before the password reset but with no luck. The salt in the db.py is exactly the same in both installs. I think I may have to debug the old installation to verify the salt that is used.
The problem is that I need to maintain the old passwords in the new install. On Feb 17, 3:51 pm, Richard Vézina <ml.richard.vez...@gmail.com> wrote: > Did you change the user of you DB? > > If yes, you have to change it in db.py in model this line (example for > Postgres) : > > db=DAL('postgres://USERNAME:PASSW...@127.0.0.1:5432/NEWDBNAME') > > And if it coming from the auth at login... Just put a password directly into > auth.user password field and go into your browser and use this password to > logon. > > It could append that you have enforce the strength or encryption you will > have to make your password conform to the rule of web2py strength > enforcement or change this line in db.py in model : > > custom_auth_table.password.requires = [IS_STRONG > <http://web2py.com/book/default/docstring/IS_STRONG>(), CRYPT > <http://web2py.com/book/default/docstring/CRYPT>()] > > * > * > > and remove : IS_STRONG(), CRYPT() > so it read : > > custom_auth_table.password.requires = [] > > Richard > > > > > > > > On Thu, Feb 17, 2011 at 6:01 AM, Matt <mattsn...@gmail.com> wrote: > > No actually it is the user authentication using Auth from the model. > > I think I will compare the database before and after, make sure I know > > exactly what has changed between the two. > > > Thanks. > > > On Feb 16, 7:21 pm, Richard Vézina <ml.richard.vez...@gmail.com> > > wrote: > > > The problem is it only when you try to access the appadmin on prod > > server? > > > > If so, it could come from parameters_443.py file in the web2py folder. It > > > contain the hash of you admin password. > > > > Richard > > > > On Wed, Feb 16, 2011 at 2:15 PM, Matt <mattsn...@gmail.com> wrote: > > > > I have recently moved my web2py installation to a new server. The > > > > database (postgresql) was copied using an sql dump. After this the > > > > user passwords appear to have stopped working. If I do a password > > > > reset, and use the same password it works again. The hash of the > > > > password is the same before and after the reset. Any ideas what is > > > > going on? > > > > > Thanks