Re: [Serusers] Avoiding storing passwords in mysql "subscriber" table in clear-text

Thanks Jan for your feedback. I may confirm that serctl is generating the follow values: i) Plain text in the "password" column. ii) Enrcrypted text in the "ha1" column. iii) Encrypted text in the "ha1b" column. However, I refer back to my original objective, namely that while I still require users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table, when creating new user accounts using the serctl add command. Thanks Karl Jan Janak <jan(a)iptel.org> wrote: Make sure that you have proper values in ha1 column (generated automatically by serctl, if not then you can use gen_ha1 utility to generate the hashes from plaintext password) and set: modparam("auth_db", "calculate_ha1", no) modparam("auth_db", "password_column", ha1) Jan. On 12-10 00:12, karl wrote: --------------------------------- Do you Yahoo!? vote.yahoo.com - Register online to vote today!