LP#1468422 Password storage/migration SQL getting started
author Bill Erickson <berickxx@gmail.com>
Fri, 17 Jul 2015 20:00:17 +0000 (16:00 -0400)
committer Bill Erickson <berickxx@gmail.com>
Wed, 17 Feb 2016 22:21:24 +0000 (17:21 -0500)
commit 0ab4c7a2864dc72b24ffa1e9353843510da4c3f7
tree 5ed0db62adfc9275e891607423408aab44e09c65
parent fb65ec1881afc5c4d217b3a0502ad288b063f8db

* Backwards compatible salted password storage using pgcrypto
* Adds actor.passwd and actor.passwd_type tables
* Includes pgtap tests
* Includes installation of pgcrypto

Current flow:

1. Application requests a salt to use as the CHAP-style seed
2. If new-style password exists, salt is returned.
3. Else, old password is migrated and the new salt is returned.
4. App finalizes login by checking verify_passwd.

== continued...

Store the iter_count and start using the crypt_algo column.

Make it possible to change the salt, and potentially strengthen
the salt, when changing passwords.

Make it possible to start salt-less passwords, for pw's that are managed
outside of the DB.

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Open-ILS/src/sql/Pg/005.schema.actors.sql
Open-ILS/src/sql/Pg/950.data.seed-values.sql
Open-ILS/src/sql/Pg/create_database_extensions.sql
Open-ILS/src/sql/Pg/live_t/lp1468422_passwd_storage.pg [new file with mode: 0644]
Open-ILS/src/sql/Pg/upgrade/XXXX.schema.password-storage.sql [new file with mode: 0644]
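
The "Current flow" in the commit message above, modelled as an added Python example that is not code from this commit or from the project. It assumes the legacy store holds an unsalted MD5 hex digest and that the new hash wraps that digest, which is what lets step 3 migrate a row without the plaintext; `PasswordStore`, `client_proof`, `stretch` and the iteration count are hypothetical, and PBKDF2 stands in for pgcrypto's `crypt()`.

```python
import hashlib
import hmac
import os

ITER_COUNT = 10_000  # constructed value; stored per row, like the commit's iter_count

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def stretch(data, salt, iters):
    # Stand-in for pgcrypto crypt(): a salted, iterated hash of the proof.
    return hashlib.pbkdf2_hmac("sha256", data.encode(), salt.encode(), iters).hex()

def client_proof(password, salt):
    # What the application sends in step 4 (assumed CHAP-style construction).
    return md5_hex(salt + md5_hex(password))

class PasswordStore:
    def __init__(self):
        self.legacy = {}  # usr -> md5(password), old-style storage (assumed)
        self.passwd = {}  # usr -> (salt, iter_count, hash), new-style storage

    def get_salt(self, usr):
        """Steps 1-3: return the salt, migrating an old-style row on demand."""
        if usr not in self.passwd:
            old_digest = self.legacy.pop(usr, None)  # old hash is not retained
            if old_digest is None:
                return None  # unknown user: nothing to migrate
            salt = os.urandom(16).hex()
            # The new hash wraps the legacy digest, so no plaintext is needed.
            wrapped = stretch(md5_hex(salt + old_digest), salt, ITER_COUNT)
            self.passwd[usr] = (salt, ITER_COUNT, wrapped)
        return self.passwd[usr][0]

    def verify_passwd(self, usr, proof):
        """Step 4: re-derive with the stored salt and count, compare in constant time."""
        row = self.passwd.get(usr)
        if row is None:
            return False
        salt, iters, stored = row
        return hmac.compare_digest(stretch(proof, salt, iters), stored)

if __name__ == "__main__":
    store = PasswordStore()
    store.legacy["alice"] = md5_hex("s3cret")  # constructed sample account
    salt = store.get_salt("alice")
    print(store.verify_passwd("alice", client_proof("s3cret", salt)))
```

In this model the migrated row is only as strong as the legacy digest it wraps until the user next changes the password.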