I've been looking through the documentation and it doesn't make mention of md5 hash support. An application that I am using requires the md5() function from mysql instead of the encrypt() function to authenicate against. How difficult is to work this in?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The passwords are stored encrypted, so no mysql-specific function is necessary in order to authenticate users. The only issue is *creating* the MD5 string to store in the user 'password' field.. Once that's done, the OS will recognize that it's MD5 based on the $1$ prefix. You'll just need a way to turn plain-text into MD5 when creating/updating users in MySQL ...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Creating the md5 hashed password is no problem. Based on the example scripts, the INSERT for users uses the ENCRYPT(<insertpasswordhere>) function, which works like a charm at the OS level. The only difference to get md5 hashes to work with MySQL is to use the MD5(<insertpasswordhere>) function instead of the ENCRYPT().
I thought that Linux and PAM were intelligent enough to detect a md5 hashes, but it seems that it chokes on the MD5() function from MySQL. A pointer into the right direction will let me track it down.
Cheers,
Rodolfo
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The MD5() routine in MySQL doesn't produce a compatible output. I don't believe there's a simple way to do it directly with a MySQL function; you'll notice that the output is not the correct $1$... format. You could use an external program to create the hash and insert the value directly.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks, Ben. I feared the same after delving deeper into PAM. Now I know PAM more personally than I would of ever liked to!
Guess I'm going to have to hit back to the application developers to see how difficult it would be to get the application to support using the $1$...$ salt.
Cheers!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The salt will come only from a set of numbers, instead of [a-z,A-Z,0-9] (and other possibilities depending on the OS), but it's a start. I'm personally trying to find a clean way to come up with a good way to generate a fully random salt but no luck so far ...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Well, using the suggestions already posted, you can just run an "insert" statement. I'll use my example generator since it's much shorter (but less secure) than rjsocha's as an example (linux):
INSERT INTO users (username,gecos,homedir,password) VALUES ('cinergi', 'Ben Goodwin', '/home/cinergi', encrypt('foo',concat('$1$',substring(rand(),3,8))));
It may be possible to set a variable to the value that rjsocha's version produces, and then use that, so that the INSERT statement isn't so huge. I'm not sure about functions/procedures (does MySQL do that yet?)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I've been looking through the documentation and it doesn't make mention of md5 hash support. An application that I am using requires the md5() function from mysql instead of the encrypt() function to authenicate against. How difficult is to work this in?
The passwords are stored encrypted, so no mysql-specific function is necessary in order to authenticate users. The only issue is *creating* the MD5 string to store in the user 'password' field.. Once that's done, the OS will recognize that it's MD5 based on the $1$ prefix. You'll just need a way to turn plain-text into MD5 when creating/updating users in MySQL ...
Creating the md5 hashed password is no problem. Based on the example scripts, the INSERT for users uses the ENCRYPT(<insertpasswordhere>) function, which works like a charm at the OS level. The only difference to get md5 hashes to work with MySQL is to use the MD5(<insertpasswordhere>) function instead of the ENCRYPT().
I thought that Linux and PAM were intelligent enough to detect a md5 hashes, but it seems that it chokes on the MD5() function from MySQL. A pointer into the right direction will let me track it down.
Cheers,
Rodolfo
The MD5() routine in MySQL doesn't produce a compatible output. I don't believe there's a simple way to do it directly with a MySQL function; you'll notice that the output is not the correct $1$... format. You could use an external program to create the hash and insert the value directly.
Thanks, Ben. I feared the same after delving deeper into PAM. Now I know PAM more personally than I would of ever liked to!
Guess I'm going to have to hit back to the application developers to see how difficult it would be to get the application to support using the $1$...$ salt.
Cheers!
I know I"m digging up an OLD thread but:
select encrypt('foo', '$1$lOfFOVh3');
does the trick for me. Just use $1$ and and 8-character salt as the second argument to encrypt() and you'll get what you're looking for:
+------------------------------------+
| encrypt('foo', '$1$lOfFOVh3') |
+------------------------------------+
| $1$lOfFOVh3$g9OaynJpzvA.6mLWo/Deo1 |
+------------------------------------+
And this will create it from a random salt, albeit from a limited set:
select encrypt('foo',concat('$1$',substring(rand(),3,8)));
The salt will come only from a set of numbers, instead of [a-z,A-Z,0-9] (and other possibilities depending on the OS), but it's a start. I'm personally trying to find a clean way to come up with a good way to generate a fully random salt but no luck so far ...
old topic...
i know :)
salt generator from a set of [a-zA-Z0-9./]
my 2 cents :)
select concat("$1$",
substring(
concat(
char(floor(48+rand()*10)),
char(floor(65+rand()*25)),
char(floor(97+rand()*25)),
"./"
),
floor(1+rand()*5),1
),
substring(
concat(
char(floor(48+rand()*10)),
char(floor(65+rand()*25)),
char(floor(97+rand()*25)),
"./"
),
floor(1+rand()*5),1
),
substring(
concat(
char(floor(48+rand()*10)),
char(floor(65+rand()*25)),
char(floor(97+rand()*25)),
"./"
),
floor(1+rand()*5),1
),
substring(
concat(
char(floor(48+rand()*10)),
char(floor(65+rand()*25)),
char(floor(97+rand()*25)),
"./"
),
floor(1+rand()*5),1
),
substring(
concat(
char(floor(48+rand()*10)),
char(floor(65+rand()*25)),
char(floor(97+rand()*25)),
"./"
),
floor(1+rand()*5),1
),
substring(
concat(
char(floor(48+rand()*10)),
char(floor(65+rand()*25)),
char(floor(97+rand()*25)),
"./"
),
floor(1+rand()*5),1
),
substring(
concat(
char(floor(48+rand()*10)),
char(floor(65+rand()*25)),
char(floor(97+rand()*25)),
"./"
),
floor(1+rand()*5),1
),
substring(
concat(
char(floor(48+rand()*10)),
char(floor(65+rand()*25)),
char(floor(97+rand()*25)),
"./"
),
floor(1+rand()*5),1
),
"$") as password;
Hi,
OK. So what now? Help ;)
How to implement some (function, procedure) to Mysql to put password in easy way.
any idea?
Thanks.
Mszutko
Well, using the suggestions already posted, you can just run an "insert" statement. I'll use my example generator since it's much shorter (but less secure) than rjsocha's as an example (linux):
INSERT INTO users (username,gecos,homedir,password) VALUES ('cinergi', 'Ben Goodwin', '/home/cinergi', encrypt('foo',concat('$1$',substring(rand(),3,8))));
It may be possible to set a variable to the value that rjsocha's version produces, and then use that, so that the INSERT statement isn't so huge. I'm not sure about functions/procedures (does MySQL do that yet?)
Hi,
Your example is shorter and I will try to use it. Thanks.
I will try aslo to implement some function to myslq - mysql have it.
Thanks,
Mszutko