On 7/7/06, keukaman <[EMAIL PROTECTED]> wrote: > Also, I'm unsure what "Use '[algo]$[salt]$[hexdigest]'" means just > below the password field when setting up the account.
Based on that, I assume you've put the actual password in the database. Instead, django expects a hash of the actual password. (This is so that a compromised DB or backup doesn't leak passwords, since a hash of the password is just as good for authentication as the actual password.) See here for some clarification: http://www.djangoproject.com/documentation/authentication/#changing-passwords But, if your algorithm is sha1, and your salt is "spam", and your password is "more spam", in the DB you would have: sha1$spam$66c6603695b2aa3d6e72bcb17ce049d9267ccc4f which is to say, the algorithm plus the salt used for the hash, plus the result of applying the algoritm to the salted password (e.g. 'spammore spam' in this case). --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
