Exporting

[Ivan Kohler]

On Tue, Jun 29, 1999 at 08:35:29AM -0700, Joel Griffiths wrote:
> On Mon, 28 Jun 1999, you wrote:
> > > One more thing about svc_acct.import I found was that the password fields get
> > > messed up and I had to maually fix them from mysql. They were imported as-is
> > > and then exported encrypted so I had double encrypted passwords. This really
> > > surprised me when I tried to log back in.
> > 
> > Hmm.  That shouldn't happen - svc_acct.export should pick up that the
> > password is already encrypted and not attempt to encrypt it again.  If you
> > have the resources to duplicate this problem again in a non-production
> > environment, I'd like to take a look. 
> It was svc_acct.import that did this. svc_acct.export works just fine.

Hmm.  I'm confused.  svc_acct.import doesn't do any password
encryption, it calls the stuff in svc_acct.pm.  The only place plaintext
passwords are encrypted is in svc_acct.export (unless you've been in the
source and uncommented stuff).  But already encrypted passwords aren't
encrypted again!

  if ( ( length($password) <= 8 )
       && ( $password ne '*' )
       && ( $password ne '' )
     ) {
    $cpassword=crypt($password,
                     $saltset[int(rand(64))].$saltset[int(rand(64))]
    );
    $rpassword=$password;
  } else {
    $cpassword=$password;
    $rpassword='UNIX';
  }

Perhaps you're confused by the fact that, in svc_acct.import, RADIUS
passwords override the system (passwd/shadow) passwords?

Can you help me understand this problem, so I can fix it?

-- 
Ivan Kohler <ivan at sisd.com> - finger for PGP key - <moc.dsis at navi> Relhok Navi
Open-source billing and administration for ISPs - http://www.sisd.com/freeside
20 4,16 * * * saytime # please don't be surprised if you find me dreaming too