My overall objective is to combine authentication for postfix+SASL, Courier-IMAP, and Drupal. The trouble is, Drupal seems to be storing the passwords as an md5sum:
if ($key == 'pass' && !empty($value)) {
$query .= "$key = '%s', ";
$v[] = md5($value);
}
There are other similar examples in user.module. Now, if instead of using md5 it were using crypt(), I think I'd be in good shape. If I use courier-authlib with:
PGSQL_CRYPT_PWFIELD password
Then courier is able to authenticate against a crypted password stored in the database. Then I can point SASL to authlib and I'm done.
So the "easy" solution in my mind is for Drupal to allow for saving passwords in the database using php's crypt() function instead of md5(). What's wrong with this approach? What implications are there if I simply muck around with user.module here? What's a better approach than hacking it in? Let's assume for the moment that I don't want to stand up an LDAP directory just for this. I've trolled through the forums and docs and see mention of this and similar questions elsewhere, but so far no clear answers. I'd greatly appreciate any help you can provide.
"You're a flaming n00b" responses are welcome, so long as they also contain some pointers to docs/info, etc. Thanks!
Comments
I had the same requirement,
I had the same requirement, and this is about the only post I found about it. So, I've updated the user.module on my system, and it works now with mod_authn_dbd. I put a little extra code in to ease the transition for users - rather than have them all change their passwords at once, I put an extra loop in to accept both md5 and crypt hashes in the database. When the users change their passwords, they'll magically be able to use DAV :-)
Here's the patch:
If you're not worried about maintaining the MD5 hashes, you could forego the extra logic in
user_load.this may work for you
I use postfix+saslauthd+ pam_mysql and can authenticate postfix users against drupal. You need to make sure pam_mysql is compiled with md5 support, then just set:
crypt=3 md5=true
in your pam.d/smtp file.
Check out cryptpw module
Just created a cryptpw module which addresses this concern. It should be available at http://drupal.org/project/cryptpw once the next crontab run occurs.
The web is like usenet, but
the elephants are untrained.
Good. — Fast. — Cheap.
(Pick any two.)