I didn't get around to testing the mentioned location of changing the password_hasher. After further investigation, I realized that the password hashes use a static hash and I was using a dynamic (per-user) hash.
*Just in case anyone runs into this problem (non-static Hash)*: My solution was to by-pass the existing authentication system all-together. I already had a custom User Model which sub-classed AbstractBaseUser. I simply overrode (sp?) the set_password and check_password methods to do the password checking on the spot; without delegating to django.contrib.auth.hashers The reasoning behind this solution is that I ran out of time attempting to track down a method of passing my per-user value to be included in the Hash. *WARNING*: This may not be a great idea. I haven't ran unit tests to see what sort of problems this will bring. Possibly none; I don't know until I do. Either way, I still believe the standard process-validation approach should be taken in case one needs to upgrade passwords or has multiple hash algorithms they want to use. I'm sure this work-around could be cleaned up to fall-back on the Django approach when needed. Either way, it feels clumsy and I'm sure there's a better way. Your mileage may very. On Thu, May 16, 2013 at 7:06 PM, Kurtis Mullins <kurtis.mull...@gmail.com>wrote: > It took some digging but I believe I found the answer, just in case anyone > else comes across this problem. I'll post again after I've tested this. > > > https://github.com/django/django/blob/1.5.1/django/contrib/auth/hashers.py#L20 > > > On Tue, May 14, 2013 at 6:05 PM, Kurtis <kurtis.mull...@gmail.com> wrote: > >> As per this document: >> >> https://docs.djangoproject.com/en/1.5/topics/auth/passwords/ >> >> Django will upgrade all existing passwords to use the 'preferred' >> algorithm. Two questions: >> >> 1. What is the 'preferred' algorithm? Is this set by Django? Or is this >> simply the hasher at the top (or bottom) of the PASSWORD_HASHERS tuple? >> >> 2. *How can I disable or otherwise bypass this feature?* The database I >> am working with is shared with an older code-base and until we migrate the >> other components, I"d rather not "upgrade" the existing password hashes. >> >> Thanks! >> - Kurtis >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-users+unsubscr...@googlegroups.com. >> To post to this group, send email to django-users@googlegroups.com. >> Visit this group at http://groups.google.com/group/django-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
