Login with userstore password

Hello,
I’m here again :slight_smile:
I have set up a policy where otppin=1 but when I try to authenticate with https://localhost:5001/auth/index
I cannot manage to login.
If I set otppin=0 or otppin=2 everything goes perfectly and I am able to
authenticate.
Inside my test db the password is stored as plain-text, is this right or
do I have to encode it with md5 or something else?

PS: when I’m logging in I wrote:
user: paolo
password: plainpwdOTPVALUE

This is the right way to authenticate.
And you are right, you can authenticate with the Password in the
useridresolver by setting otppin=1.
The SQLResolver implements the following password formats at the moment, which
are identified by the start of the password column contents:
(see
https://github.com/privacyidea/privacyidea/blob/master/privacyidea/lib/resolvers/SQLIdResolver.py#L118)

  1. php wordpress, starting with “$P”
  2. sha1, starting with “{SHA}”
  3. salted sha1, starting with “{SSHA}”
  4. salted sha256, starting with “{SSHA256}”
  5. salted sha512, starting with “{SSHA512}”
  6. and a 64 byte password, which is assumed to be sha256 used by OTRS.

All other passwords will fail! :-/

I could however as a last resort add the plain comparison…

This tool
(https://github.com/privacyidea/privacyidea/blob/master/tools/ssha.py) will
calculate a {SSHA} password.
like:
{SSHA}5rzoq/JD+GxreULiShO1BJ5xMvGzKvShXlHWAw==
for the password “test”.

Kind regards
Cornelius
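
The prefix rule from the reply above, as an added example that is not part of the original thread and is not privacyIDEA's own code: it classifies a password column value by its prefix and verifies the {SHA}, salted {SSHA*} and 64-character hex cases. Assumptions: the usual LDAP layout base64(digest(password + salt) + salt), an 8-byte random salt, a hex check for the 64-character case, and the names `classify`, `make_hash` and `verify`; "$P" values are only classified, not verified.

```python
import base64, hashlib, hmac, os, re

# Value quoted in the reply above, given there as the {SSHA} form of "test".
PAGE_SAMPLE = "{SSHA}5rzoq/JD+GxreULiShO1BJ5xMvGzKvShXlHWAw=="

# (prefix, digest, salted); longest prefix first so {SSHA256} is not read as {SSHA}.
SCHEMES = [("{SSHA512}", "sha512", True), ("{SSHA256}", "sha256", True),
           ("{SSHA}", "sha1", True), ("{SHA}", "sha1", False)]

def classify(stored):
    """Name the format of a password column value, or None if unsupported."""
    for prefix, _, _ in SCHEMES:
        if stored.startswith(prefix):
            return prefix.strip("{}")
    if stored.startswith("$P"):
        return "PHPASS"        # WordPress portable hash; not verified in this sketch
    if re.fullmatch(r"[0-9a-fA-F]{64}", stored):
        return "SHA256HEX"     # unsalted sha256 in hex, the OTRS case
    return None                # a plain-text column value ends up here

def make_hash(password, prefix="{SSHA}", salt=None):
    """Build prefix + base64(digest(password + salt) + salt)."""
    algo, salted = next((a, s) for p, a, s in SCHEMES if p == prefix)
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(8)   # assumed salt length
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return prefix + base64.b64encode(digest + salt).decode()

def verify(password, stored):
    """True only if stored is a supported format and matches the password."""
    pw = password.encode()
    for prefix, algo, salted in SCHEMES:
        if stored.startswith(prefix):
            try:
                raw = base64.b64decode(stored[len(prefix):], validate=True)
            except ValueError:
                return False
            size = hashlib.new(algo).digest_size
            if len(raw) < size or (not salted and len(raw) != size):
                return False
            digest, salt = raw[:size], raw[size:]   # salt follows the digest
            return hmac.compare_digest(hashlib.new(algo, pw + salt).digest(), digest)
    if classify(stored) == "SHA256HEX":
        return hmac.compare_digest(hashlib.sha256(pw).hexdigest(), stored.lower())
    return False               # plain text and anything unrecognised is rejected
```

A plain-text column value such as `plainpwd` classifies as `None` and never verifies, which matches the failed login with otppin=1 described in the question.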

Works perfectly :smiley: thanks a lot!
I will write a how-to on my blog about this ;)