old-git.evergreen-ils.org Git - working/Evergreen.git/commit

author	Bill Erickson <berickxx@gmail.com>
	Fri, 17 Jul 2015 20:00:17 +0000 (16:00 -0400)
committer	Bill Erickson <berickxx@gmail.com>
	Fri, 26 Feb 2016 15:07:41 +0000 (10:07 -0500)
commit	f47a980e1e19c3e90ebe3189be803a6841807e5f
tree	5074dc4d6f993f008bf10a814b7b67cb68dbb80a	tree
parent	72a8c6a0004602e7eae6c1b3cfa4704df8e8618a	commit \| diff

LP#1468422 Password storage/migration SQL getting started

* Backwards compatible salted password storage using pgcrypt
* Adds actor.passwd and actor.passwd_type tables
* Includes pgtap tests
* Includes installation of pgcrypto

Current flow:

1. Application requests a salt to use as the CHAP-style seed
2. If new-style password exists, salt is returned.
3. Else, old password is migrated and the new salt is returned.
4. App finalizes login by checking verify_passwd.

== continued...

Store the iter_count and start using the crypt_algo column.

Make it possible to change the salt, and potentially strengthen
the salt, when changing passwords.

Make is possible to start salt-less passwords, for pw's that are managed
outside of the DB.

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Dan Wells <dbw2@calvin.edu>

Open-ILS/src/sql/Pg/005.schema.actors.sql		diff \| blob \| history
Open-ILS/src/sql/Pg/950.data.seed-values.sql		diff \| blob \| history
Open-ILS/src/sql/Pg/create_database_extensions.sql		diff \| blob \| history
Open-ILS/src/sql/Pg/live_t/lp1468422_passwd_storage.pg	[new file with mode: 0644]	blob
Open-ILS/src/sql/Pg/upgrade/XXXX.schema.password-storage.sql	[new file with mode: 0644]	blob