Project

General

Profile

Actions

Bug #84097

closed

Problem with convert user passwords to salted hashes (saltedpasswords)

Added by Rene Tobias over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
Start date:
2018-03-01
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
8
PHP Version:
7.1
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Hello, after upgrade to TYPO3 8.7.10 i have MD5 passwords stored in database, table "fe_users" (example: M$1$98Vy0iSs$NyLAwO61TTI3...).

I run the task for converting MD5 passwords to salted hashes, but nothing happens. I run task manualy from "Scheduler".

Can anyone help me?


Files

1.JPG (124 KB) 1.JPG Rene Tobias, 2018-03-01 09:26
2.JPG (82.6 KB) 2.JPG Rene Tobias, 2018-03-01 09:26
Actions #1

Updated by Benni Mack over 6 years ago

Can you tell us a bit more about the status of EXT:saltedpasswords? What is your extension configuration / settings?

Updated by Rene Tobias over 6 years ago

Benni Mack wrote:

Can you tell us a bit more about the status of EXT:saltedpasswords? What is your extension configuration / settings?

Hey, i attached 2 pictures of my configuration.

"Update FE user passwords frontend.FE.updatePasswd (boolean) Keep existing FE user passwords but automatically convert them to the salted hash format during authentication (will not work if forceSalted is used)." - that works fine, it convert MD5 to salted. But i want to "bulk" update all passwords - that dont work :(

Actions #3

Updated by Wouter Wolters over 6 years ago

Are you doing that with the scheduler task?

Actions #4

Updated by Rene Tobias over 6 years ago

Wouter Wolters wrote:

Are you doing that with the scheduler task?

Not with task, i run it manually from module "Scheduler".

Actions #5

Updated by Christian Kuhn over 6 years ago

  • Status changed from New to Closed

The update task can not bulk convert one hashed password to another hash. That's technically impossible, it would need the plaintext password for that. That's why a transition to a different hash system always only happens during login of a user (in frontend or backend). The bulk updater is to move from plaintext passwords in the database towards a hash.

Actions

Also available in: Atom PDF