Forum OpenACS Q&A: How i read password of the users table?

Collapse
1: How i read password of the users table?
Posted by Dayra Munoz on 03/04/02 10:19 PM
Hi friends:

I have installed OpenACs 4.0 in Linux 7.2 and AOLServer 3.2.

When one user forgot password, my system send mail with the new
password.  the email-password-2.tcl file use the follow:

set password [ad_generate_random_string]
ad_change_password $user_id $password

Now, i want to send mail to the user, the same password that is saved
in users table and not to send another new password.

What function or statement i use for it?

Thanks

Collapse
2: Response to How i read password of the users table? (response to 1)
Posted by Jonathan Ellis on 03/04/02 10:39 PM
I believe 4.x stores hashed passwords similar to the way /etc/passwd does.  So you can't get the original password back out; you can only hash a user-supplied password and see if it matches.
Collapse
3: Response to How i read password of the users table? (response to 1)
Posted by Jun Yamog on 03/05/02 04:45 AM
Well maybe somebody can port Jack the Ripper to tcl or plpgsql?  That way we can still get the passwords like in the 3.x days. =)

Or if ACS does use the same way as /etc/passwd you can just create a bogus /etc/passwd and use some cracker progie to do your stuff.