Web based password updating...

Kendrick Vargas ken at hudat.com
Tue Jan 27 21:21:03 EST 2004


On Tue, 27 Jan 2004, Adam Gover wrote:

> I figure ill just do the passwd rip to insert the user names into the
> database without actually creating the inbox, then once the password is
> set auto create the inbox for them...  That should work pretty well
> actually...

Why rip? That could take forever. I just set up my database the way I
wanted and added a field to the table called "password_encrypted" or
something like that. Then, I wrote up a web php page which asked for a
username/password to "migrate" the user account. It grabbed the encrypted
form of the password for the specified user, pulled the salt, crypted the
specified password with the salt and compared it to the stored encrypted
form. If they matched I simply wrote the unencrypted form to the database.

I then dressed the script up with some niceness for my users to help them
understand why they were migrating their accounts. I let it run for two
weeks for everyone to come around and I was done. No CPU cycles wasted :-)

> Thanks for the idea..  A little bit of extra work for me, but if it
> saves me the pain of having my co-workers freaking because users keep
> calling to set passwords its always good :)

I know the feeling, glad I could be of help :-)
			-peace

-- 
Let he who is without clue kiss my ass




More information about the Info-cyrus mailing list