Importing Unix users and passwords?

[ducasi]

Hi,

I'm about to start hacking vBulletin (and the mysql databases) to allow me to ...

1) import a large group of users from our unix password file
2) allow vbulletin to use the unix passwords from same.
3) syncronise passwords from unix password file.

An alternative would be to ...

1) import a large group of users from our unix password file
2) allow vbulletin to authenticate using the password file, or equivalent, rather than the sql database.

I'm interested in hearing any previous experiences or pointers to existing hacks that I may have missed in my searches...

Thanks!

[Logician]

I'm quite experienced in vb-integration projects. Here is my advice:

Shape your new user db design so that it will use vb's default design from now on. It's always much more easier to adapt third party user database to use vbulletin user database instead of doing otherwise.. So convert your users/passwords to vb and from now on use vb database in your entire site. I wouldnt recommend hacking vb to force it use another login scheme of another software, it will be time consuming and awkard. In most cases it's easier to forget about your third party software and use/code an alternative of that if necessary..

My 2 cents..

[ducasi]

Quote:

Originally posted by Logician
Shape your new user db design so that it will use vb's default design from now on. It's always much more easier to adapt third party user database to use vbulletin user database instead of doing otherwise.. So convert your users/passwords to vb and from now on use vb database in your entire site.

Thanks for the reply....

Unfortunately this isn't a new user db design, this is a failry large department in a university dealing with hundreds of users and hundreds of computers, adding vb to allow a number of students to communicate with each other and with staff.

These users are managed through a single unix password file and that isn't going to change.

I reckon my best bet is to change the vb password encryption to be "crypt" and just feed the passwords into the mysql database behind vb's back.

Anyone else got ideas or suggestions?

Cheers!

[Logician]

If unix passwords is in MD5, insert them as they are. If they are in plain text while inserting into vb database MD5 them so you wont need to hack vbulletin in anyway..

After converting the existing users, you also need to write a script that will update the vb user table whenever a new unix user added/deleted from the system or whenever an existing user's unix password is changed (by Admin or by himself).

And this approach is what I was already suggesting: Dont touch vb and adapt your other tools to work with vb's existing system. It seems that what you planned is exactly this.. IMO sound design..

[ducasi]

Quote:

Originally posted by Logician
If unix passwords is in MD5, insert them as they are. If they are in plain text while inserting into vb database MD5 them so you wont need to hack vbulletin in anyway..

Unfortunately, they are in unix "crypt" (DES) format for compatibility across unix platforms that can't use MD5 passwords. And, of course, to make it harder we don't have the plain-text passwords...

Quote:

After converting the existing users, you also need to write a script that will update the vb user table whenever a new unix user added/deleted from the system or whenever an existing user's unix password is changed (by Admin or by himself).

I plan to run a nightly script to do this as the password file is auto-updated on a nightly basis anyway...

Quote:

And this approach is what I was already suggesting: Dont touch vb and adapt your other tools to work with vb's existing system. It seems that what you planned is exactly this.. IMO sound design..

I'm trying my best, but I still think I'll need to make vb use crypt-style passwords rather than md5...

[Scott MacVicar]

Not actually that hard to do but will require some changes in a couple of the primary files.

/member.php

PHP Code:

if ($user['password']!=md5($password)) {  // check password 


changes to

PHP Code:

if ($user['password']!=crypt($password, substr($password, 0, 2))) {  // check password 


then in /admin/sessions.php

PHP Code:

    if (md5($loginpassword)!=$bbuserinfo[password]) { 


becomes

PHP Code:

if (crypt($loginpassword, substr($loginpassword, 0, 2))!=$bbuserinfo[password]) { 


PHP Code:

$bbpassword=md5($loginpassword); 


becomes

PHP Code:

$bbpassword=crypt($loginpassword, substr($loginpassword, 0, 2)); 


Thats the basics to make it work, you will need to change the lost password function as well.

If you need more help contact me at scott.macvicar@vbulletin.org and I'll give you a hand.

[ducasi]

Thank PPN, I have just completed hacks to change all the "md5"s to "crypt"s, while still allowing old md5 passwords to work... (total of 16 lines changed)

I found to my amusement that my php's crypt defaults to md5 passwords anyway! But that's ok, as vb should never be creating the encrypted form of the password. This is cool, as it would allow for a future change to md5 if required, but you need to make sure and pass whole encrypted password as "salt", not just the first two characters!

I now have two major things and one minor thing to do...

1. Figure out how to import users from my password file into the user table. Anybody got any sample code? (maybe I could use unix uids for vb user ids?)

2. Figure out how to update changed passwords (really easy one I figure out part 1.)

3. Minor hacking to block off or redirect password changing, etc... (have yet to figure out best way of doing this.)

Cheers!

[Scott MacVicar]

I am sure that DES encryption uses the first two characters of the password as the salt.

[ducasi]

Quote:

Originally posted by PPN
I am sure that DES encryption uses the first two characters of the password as the salt.

Yep, but the crypt function is smart and will take the whole string and only use what is needed.

On systems that allow alternative crypts like md5 or blowfish, the crypt function must be given the whole password as salt. This allows it to figure out what encryption system is in use and to extract the larger salt from the password.