On Sep 11, 2008, at 10:58 AM, Platonides wrote:
Richard K Miller wrote:
Thanks for this update.
Would it make sense to introduce a new configuration directive to indicate the the password is unsalted AND unprefixed? For example, $wgPasswordPrefix = false ?
Work-arounds for connecting mod_auth_mysql to MediaWiki 1.13 include these:
- Modify crypt() in User.php (not ideal)
- Modify and recompile mod_auth_mysql (not ideal)
- Create a MySQL VIEW that returns user_name and the latter portion
of user_password (my current solution) 4. Introduce a new configuration directive, such as $wgPasswordPrefix
The change to the passwords was precisely to avoid trouble with password formats. IMHO the best fit would be #2 adding some new directives and applied to official mod_auth_mysql
"Trouble with password formats" is relative. For my wiki, it was more trouble to have to deal with the new user_password prefix. :)
I wouldn't expect mod_auth_mysql to support an option for working specifically with MediaWiki, and even a more general "ignore x characters prefix" option wouldn't be widely used.
For backward compatibility, a $wgPasswordBackwardCompatibility could be set to true. The patch would look like this:
(Additional code would be needed for wikis that have already migrated passwords to the new format.)