clear text user password in external backend
I have an existing billing system where the user's passwords happen to be stored in MSSQL in plain text. This is an existing system written by another company and I am not at liberty to change it. Is there any way to configure OTRS to use an external backend with plain text passwords? I saw an old thread on the topic in the archives and the answer a few years ago was "No"...any chance that's changed?
on the one hand, you don't have to use the insecure passwords for
authentication, but you can still use it for demographics.
(Yeah, read it again.)
So what to do to create the users?
create a spreadsheet from the insecure data and use it to create a batch of
addCustomerUser.pl...
bin/otrs.AddCustomerUser.pl -f *FirstName *-l *LastName *-p *password
*-e *emailaddress
*-c *CustomerID *(email address or something else) *username*
then copy the result to the command line.
not *perfect* in the sense of password *sync* but will get the job done.
On Thu, Jun 6, 2013 at 1:27 PM, Adam Moffett
I have an existing billing system where the user's passwords happen to be stored in MSSQL in plain text. This is an existing system written by another company and I am not at liberty to change it. Is there any way to configure OTRS to use an external backend with plain text passwords?
I saw an old thread on the topic in the archives and the answer a few years ago was "No"...any chance that's changed? ------------------------------**------------------------------**--------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/**pipermail/otrshttp://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/**listinfo/otrshttp://lists.otrs.org/cgi-bin/listinfo/otrs
Hi Adam,
On Thu, Jun 6, 2013 at 7:27 PM, Adam Moffett
I have an existing billing system where the user's passwords happen to be stored in MSSQL in plain text. This is an existing system written by another company and I am not at liberty to change it. Is there any way to configure OTRS to use an external backend with plain text passwords?
I saw an old thread on the topic in the archives and the answer a few years ago was "No"...any chance that's changed?
It should be possible, check this section of the documentation: http://doc.otrs.org/3.2/en/html/external-backends.html#configuration-custome... You should set $Self->{'Customer::AuthModule::DB::CryptType''} to 'plain' in order to authenticate against the unencrypted passwords. I *need* to add that storing unencrypted passwords is a high security risk, and a bad idea, but I think you already know that!! -- Mike
It should be possible, check this section of the documentation: http://doc.otrs.org/3.2/en/html/external-backends.html#configuration-custome...
You should set $Self->{'Customer::AuthModule::DB::CryptType''} to 'plain' in order to authenticate against the unencrypted passwords.
I *need* to add that storing unencrypted passwords is a high security risk, and a bad idea, but I think you already know that!! -- Mike Thanks Mike. I think that's what I needed.
I recognize the foolishness of passwords stored in plain text, but I don't have a choice in this case. Thanks again.
Is anyone interested in SIRIOS or CERT related development of OTRS?
Yes. On 10 Jun 2013, at 17:08, AL wrote:
Is anyone interested in SIRIOS or CERT related development of OTRS?
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
participants (5)
-
Adam Moffett -
AL -
Gerald Young -
Michiel Beijen -
Steve Hall