passwords

Are there any working packages to change a linux user passwords using PHP? I've tried using PECL:PAM but theres an error when it tries to change the password. Edit: PHP code: echo pam_chpass($username, $password, $new_pass, &$error) ? 'good' : $error; PHP (echo) output: Permission denied (in pam_authenticate) From /var/log/auth (these are actually from before, the log doesn't seem to be working ATM for some reason yet to be determined): Jun 11 15:30:20 veda php: pam_unix(php:chauthtok): conversation failed Jun 11 15:30:20 veda php: pam_unix(php:chauthtok): password - (old) token not obtained

I just got my hands on doing dynamic web programming using JSP. What is the proper way to handle the configurations? For example, database name, host, login, and password, and indexing directory in the server, etc. My concern is mostly about the security of the passwords. Currently I hard code the data into the .java files, I don't think this is the right way to do so I would like to learn from your experiences. BalusC Configuration is usually stored in a properties or XML file which is been placed in the application's runtime classpath or at a fixed location which is specified as a VM

Now I realise this topic has been covered many times before. However there did not appear to be a solution that wanted to make the current password field exempt only when the password in the database was blank. I currently have the password required in my user model like: def password_required? (authentications.empty? || !password.blank?) && super end Then I copied the update function across into my registrations controller: def update if resource.update_with_password(params[resource_name]) set_flash_message :notice, :updated sign_in resource_name, resource, :bypass => true redirect_to after

I am migrating a site from Drupal 7 to Django 1.4, including the current users. How can I work with the passwords that were hashed by Drupal? According to this , Drupal 7 hashes passwords using SHA-512 (they are stored in the form of a string starting with "$S$"). Django 1.4 now contains a number of options for storing passwords, with a default of SHA-256, but I can't find an option for SHA-512. While this app appears to allow the use of SHA2 algorithms, I'm not sure it's compatible with Django 1.4 (as 1.4 has a flexible password hasher). What is the simplest way to do this? ETA: I've built a

If you had looked at table schema of asp.net membership system they store the hash of raw password along with salt used to produce it. see the schema below, dbo.aspnet_Membership ApplicationId UserId Password PasswordFormat PasswordSalt MobilePIN Email . . . If a attacker gets hold of the datbase isn't it easier for him to crack open the raw password from the salt and hashed password? After looking into some records it seems a new salt is generated for each password. What is significance of this? Would you recommend such a approach, or hard-code constant salt in the code Related Are salts