LP#1468422 Password storage/migration SQL getting started
author Bill Erickson <berickxx@gmail.com>
Fri, 17 Jul 2015 20:00:17 +0000 (16:00 -0400)
committer Dan Wells <dbw2@calvin.edu>
Fri, 26 Feb 2016 14:17:20 +0000 (09:17 -0500)
commit 31bebbee0f11cf48b43768046d50ba403e1d9e1a
tree cfb9bbb59b06560fc9e6d671dd10a7eb69754959
parent db8bd918412d9ee7fe4f8928d3d85bc24aa5120e
LP#1468422 Password storage/migration SQL getting started

* Backwards compatible salted password storage using pgcrypto
* Adds actor.passwd and actor.passwd_type tables
* Includes pgtap tests
* Includes installation of pgcrypto

Current flow:

1. Application requests a salt to use as the CHAP-style seed
2. If new-style password exists, salt is returned.
3. Else, old password is migrated and the new salt is returned.
4. App finalizes login by checking verify_passwd.

== continued...

Store the iter_count and start using the crypt_algo column.

Make it possible to change the salt, and potentially strengthen
the salt, when changing passwords.

Make it possible to start salt-less passwords, for pw's that are managed
outside of the DB.

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Dan Wells <dbw2@calvin.edu>
Open-ILS/src/sql/Pg/005.schema.actors.sql
Open-ILS/src/sql/Pg/950.data.seed-values.sql
Open-ILS/src/sql/Pg/create_database_extensions.sql
Open-ILS/src/sql/Pg/live_t/lp1468422_passwd_storage.pg [new file with mode: 0644]
Open-ILS/src/sql/Pg/upgrade/XXXX.schema.password-storage.sql [new file with mode: 0644]
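
The four-step login flow from the commit message, sketched as an added Python example that is not code from this commit or from the project. It assumes the old-style password is stored as an unsalted MD5 hex digest and uses PBKDF2 as a stand-in for the pgcrypto hashing; `PasswdStore`, `get_salt`, `client_proof`, `stretch` and `ITER_COUNT` are hypothetical names.

```python
import hashlib
import hmac
import os

ITER_COUNT = 10_000  # assumed work factor, standing in for the stored iter_count

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def stretch(value: str, salt: str, iters: int = ITER_COUNT) -> str:
    # PBKDF2 is a stand-in for pgcrypto here, not the project's algorithm.
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt.encode(), iters).hex()

def client_proof(password: str, salt: str) -> str:
    # What the application computes once it has the salt (CHAP-style seed).
    return md5_hex(salt + md5_hex(password))

class PasswdStore:
    def __init__(self):
        self.legacy = {}  # usr -> md5(password); assumed old-style storage
        self.passwd = {}  # usr -> (salt, hash); new-style rows

    def get_salt(self, usr):
        """Steps 1-3: return the salt, migrating an old password first if needed."""
        if usr not in self.passwd:
            old = self.legacy.pop(usr, None)
            if old is None:
                return None  # unknown user
            salt = os.urandom(16).hex()
            # Migration needs no plaintext: the new hash is built from the
            # stored legacy digest, which is also what client_proof() feeds in.
            self.passwd[usr] = (salt, stretch(md5_hex(salt + old), salt))
        return self.passwd[usr][0]

    def verify_passwd(self, usr, proof):
        """Step 4: compare the stretched proof with the stored hash."""
        row = self.passwd.get(usr)
        if row is None:
            return False
        salt, stored = row
        return hmac.compare_digest(stretch(proof, salt), stored)

if __name__ == "__main__":
    store = PasswdStore()
    store.legacy["alice"] = md5_hex("constructed-sample-pw")  # constructed row
    salt = store.get_salt("alice")  # first login migrates the row
    print(store.verify_passwd("alice", client_proof("constructed-sample-pw", salt)))
```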