
dhis2-devs team mailing list archive

Re: Changing admin password to default

 

For the record: Starting in 2.21 we only accept bcrypt password hashes.
Anything else will fail.

Beginning in 2.17 we started hot-swapping every user logging in with the
old scheme (md5) to the new one (bcrypt) on login. Even though they work in
2.20, I strongly suggest using bcrypt hashes for this reason as well as the
obvious security improvement.

As it seems you've experienced, changing the password in the DB at runtime
will not work (application memory will hold the old one). If you need to
force a password swap you will need to change the password in the db before
you start the server.

2015-09-01 9:53 GMT+02:00 gerald thomas <gerald17006@xxxxxxxxx>:

> Dear Alan,
> Thanks very much
>
> Regards,
> Gerald
> On Aug 31, 2015 9:22 PM, "Alan Ivey" <aivey@xxxxxxxxxxxxxx> wrote:
>
>> Hi Gerald,
>>
>> You can create a password hash with Python and the Bcrypt library. Run
>> this single command in your terminal to get a hash for *passwordGoesHere*:
>>
>> $ python -c 'import bcrypt; hash = bcrypt.hashpw(b"passwordGoesHere", bcrypt.gensalt(rounds=10, prefix=b"2a")); print(hash.decode());'
>>
>> You can insert the resulting hash directly into the database for the
>> admin user.
>>
>> Note: If you do not have the Bcrypt library in your Python installation,
>> you should add it with pip. The following will install all prerequisites on
>> a CentOS 6 system:
>>
>> $ yum install gcc libffi-devel python-devel python-pip
>> $ pip install --user bcrypt
>>
>> Before attempting to change the admin user password in the database,
>> visit the front page of a new installation to have DHIS2 generate data in
>> the database for the admin user (you can do something as simple as $
>> curl -sL http://localhost:8080/). Then, you can enter the following
>> query into the Postgres CLI with the DHIS2 database in use:
>>
>> UPDATE USERS SET password = '001122hashgoeshere221100' WHERE username =
>> 'admin';
>>
>> Restart the application server (Tomcat) and then you should be able to
>> log in with your new password *passwordGoesHere* or what you changed it
>> to.
>>
>> Regards,
>> Alan
>>
>> On Mon, Aug 31, 2015 at 11:02 AM, gerald thomas <gerald17006@xxxxxxxxx>
>> wrote:
>>
>>> Dear all,
>>> I am setting up a training server for staff and I am using dhis2 live
>>> to achieve the task, but I am using one of our databases rather than the
>>> default database. I had already used the following query to change the
>>> admin password:
>>>
>>> UPDATE users set password = '48e8f1207baef1ef7fe478a57d19f2e5'
>>> where username = 'admin';
>>>
>>> What am I doing wrong, and why can't I log in with username:
>>> admin password: district
>>>
>>> --
>>> Regards,
>>>
>>> Gerald
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~dhis2-devs
>>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>
>>
>
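
Added example, not part of the original thread and not DHIS2 code: a pre-upgrade check that sorts values from the `users.password` column by shape, so accounts still holding a 32-hex legacy value (like the one in the original question) are found before moving to a release that only accepts bcrypt. The function names and sample rows are constructed for illustration; the check looks at format only and does not verify any password.

```python
import re

# Modular-crypt bcrypt layout: $2a$/$2b$/$2y$, two-digit cost,
# 22-character salt, 31-character digest (60 characters in total).
BCRYPT_RE = re.compile(
    r"^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")
MD5_HEX_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def classify(stored):
    """Return (kind, detail) for one value from the password column."""
    value = (stored or "").strip()
    match = BCRYPT_RE.match(value)
    if match:
        cost = int(match.group(2))
        if not 4 <= cost <= 31:
            return ("malformed", "bcrypt cost %d outside 4..31" % cost)
        return ("bcrypt", "variant %s, cost %d" % (match.group(1), cost))
    if MD5_HEX_RE.match(value):
        return ("legacy-md5-shaped", "32 hex characters")
    if value.startswith("$2"):
        return ("malformed", "bcrypt prefix, wrong length or alphabet")
    return ("unknown", "length %d" % len(value))


def needs_reset(rows):
    """Usernames whose stored value is not a well-formed bcrypt hash."""
    return [user for user, stored in rows if classify(stored)[0] != "bcrypt"]


# Constructed sample rows (username, password column). Only the admin value
# comes from the thread; the others are made up and are not real hashes.
SAMPLE_ROWS = [
    ("admin", "48e8f1207baef1ef7fe478a57d19f2e5"),
    ("trainer", "$2a$10$" + "a" * 22 + "b" * 31),
    ("clerk", "$2a$10$tooShort"),
    ("guest", ""),
]

if __name__ == "__main__":
    for user, stored in SAMPLE_ROWS:
        kind, detail = classify(stored)
        print("%-8s %-18s %s" % (user, kind, detail))
    print("reset before upgrade:", ", ".join(needs_reset(SAMPLE_ROWS)))
```

In practice the rows would come from a read-only export of the username and password columns rather than from the inline sample.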
