Dear list,
Hi, I just moved a Mediawiki from one Debian server to another. In the database that I imported from the previous server the user's password hashes looked like this:
:B:728d4f83:c0890522e6b9dfc8e3c55a45e5c05156
but now they look like this:
a4c520344c6ce5b3e2dfea3d43301a99.
And no authentication works.
I have found out that this has got to do with salting the hash, but I cannot seem to make Mediawiki use the salted kind of hashes, so my users are having to change their passwords, which is a nuisance.
Thanks,
Mordur Ingolfsson
Mordur Ingólfsson wrote:
Dear list,
Hi, I just moved a Mediawiki from one Debian server to another. In the database that I imported from the previous server the user's password hashes looked like this:
:B:728d4f83:c0890522e6b9dfc8e3c55a45e5c05156
but now they look like this:
a4c520344c6ce5b3e2dfea3d43301a99.
And no authentication works.
I have found out that this has got to do with salting the hash, but I cannot seem to make Mediawiki use the salted kind of hashes, so my users are having to change their passwords, which is a nuisance.
Thanks,
Mordur Ingolfsson
Is the new server at a mediawiki version greater or equal to the old one? The first hash is on a newer format, and is always salted. The second one may be salted or not depending on $wgPasswordSalt
Platonides wrote:
Mordur Ingólfsson wrote:
Dear list,
Hi, I just moved a Mediawiki from one Debian server to another. In the database that I imported from the previous server the user's password hashes looked like this:
:B:728d4f83:c0890522e6b9dfc8e3c55a45e5c05156
but now they look like this:
a4c520344c6ce5b3e2dfea3d43301a99.
And no authentication works.
I have found out that this has got to do with salting the hash, but I cannot seem to make Mediawiki use the salted kind of hashes, so my users are having to change their passwords, which is a nuisance.
Thanks,
Mordur Ingolfsson
Is the new server at a mediawiki version greater or equal to the old one? The first hash is on a newer format, and is always salted. The second one may be salted or not depending on $wgPasswordSalt
The version of mediawiki on the server onto which I moved the wiki is 1.12, I´m not sure which version on the machine the mediawiki came FROM. Is there a way to let MW 1.12 recognize and use the first kind of password hash?
Best Mordur
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Mordur Ingólfsson wrote:
Platonides wrote:
Mordur Ingólfsson wrote:
Dear list,
Hi, I just moved a Mediawiki from one Debian server to another. In the database that I imported from the previous server the user's password hashes looked like this:
:B:728d4f83:c0890522e6b9dfc8e3c55a45e5c05156
but now they look like this:
a4c520344c6ce5b3e2dfea3d43301a99.
And no authentication works.
I have found out that this has got to do with salting the hash, but I cannot seem to make Mediawiki use the salted kind of hashes, so my users are having to change their passwords, which is a nuisance.
Thanks,
Mordur Ingolfsson
Is the new server at a mediawiki version greater or equal to the old one? The first hash is on a newer format, and is always salted. The second one may be salted or not depending on $wgPasswordSalt
The version of mediawiki on the server onto which I moved the wiki is 1.12, I´m not sure which version on the machine the mediawiki came FROM. Is there a way to let MW 1.12 recognize and use the first kind of password hash?
The :B: style of password was introduced in MediaWiki 1.13. You should change your copy of MediaWiki to 1.13, rather than attempt to downgrade the database to 1.12.
The Debian packages of MediaWiki are pretty much useless. They don't even keep up with our security releases, it took them a month to backport 1.13.3/1.12.2. And it's not particularly easy to use, it doesn't install or upgrade the database for you. Just install it from the source tarball available on mediawiki.org, it's virtually the same procedure.
I have plans to improve the Debian package. If/when I think it's up to an appropriate standard, I'll advertise it on our download page.
-- Tim Starling
Tim Starling wrote:
Mordur Ingólfsson wrote:
Platonides wrote:
Mordur Ingólfsson wrote:
Dear list,
Hi, I just moved a Mediawiki from one Debian server to another. In the database that I imported from the previous server the user's password hashes looked like this:
:B:728d4f83:c0890522e6b9dfc8e3c55a45e5c05156
but now they look like this:
a4c520344c6ce5b3e2dfea3d43301a99.
And no authentication works.
I have found out that this has got to do with salting the hash, but I cannot seem to make Mediawiki use the salted kind of hashes, so my users are having to change their passwords, which is a nuisance.
Thanks,
Mordur Ingolfsson
Is the new server at a mediawiki version greater or equal to the old one? The first hash is on a newer format, and is always salted. The second one may be salted or not depending on $wgPasswordSalt
The version of mediawiki on the server onto which I moved the wiki is 1.12, I´m not sure which version on the machine the mediawiki came FROM. Is there a way to let MW 1.12 recognize and use the first kind of password hash?
The :B: style of password was introduced in MediaWiki 1.13. You should change your copy of MediaWiki to 1.13, rather than attempt to downgrade the database to 1.12.
The Debian packages of MediaWiki are pretty much useless. They don't even keep up with our security releases, it took them a month to backport 1.13.3/1.12.2. And it's not particularly easy to use, it doesn't install or upgrade the database for you. Just install it from the source tarball available on mediawiki.org, it's virtually the same procedure.
I have plans to improve the Debian package. If/when I think it's up to an appropriate standard, I'll advertise it on our download page.
-- Tim Starling
Thank you for your reply Mr. Starling.
Is it, in your opinion, safe to install the source tarball of 1.13 on top of the debian package installation? What would I need to keep in mind for such a procedure? There is a lot of different things going on on this particular server where the MW is running so I am a bit wary of breaking things.
Thanks,
Mordur Ingolfsson
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Mordur Ingólfsson wrote:
Thank you for your reply Mr. Starling.
Is it, in your opinion, safe to install the source tarball of 1.13 on top of the debian package installation? What would I need to keep in mind for such a procedure? There is a lot of different things going on on this particular server where the MW is running so I am a bit wary of breaking things.
Well, you wouldn't install it into the same directory. Just unpack it into some arbitrary directory, say /usr/local/mediawiki-1.13.3. Then in your Apache configuration, set up an alias, for example...
Alias /wiki "/usr/local/mediawiki-1.13.3" <Location /wiki> ... any settings you want to set ... </Location>
Then navigate to /wiki/config/index.php, and run the installer, entering the same DB name and prefix that the existing database uses. Then, if you have a LocalSettings.php file from the old server, copy it in, if not, use the one the installer generated. Then you'll probably want to remove the mediawiki package.
It would be hard to break things more than they're already broken.
-- Tim Starling
Tim Starling wrote:
Then you'll probably want to remove the mediawiki package.
It would be hard to break things more than they're already broken.
-- Tim Starling
Murphy says: The debian installer could be droping the mediawiki database.
Platonides wrote:
Tim Starling wrote:
Then you'll probably want to remove the mediawiki package.
It would be hard to break things more than they're already broken.
-- Tim Starling
Murphy says: The debian installer could be droping the mediawiki database.
It doesn't. It doesn't even know what the database name is, so it would have a hard time dropping it.
-- Tim Starling
mediawiki-l@lists.wikimedia.org