How can I use the Whirlpool hash with Django authentication?
We have a system written in PHP where account passwords are stored as the first 128 chars of a whirlpool hash of the password.
I'd like to transition to handling the logins with Django without changing the database or asking users to change their passwords. Also, I'd prefer to stick with whirlpool vs. the less secure hashes Django has built in. I found a python (C) implementation of Whirlpool which seems to work fine.
How can I change the Django password checking function to use开发者_Python百科 Whirlpool rather than SHA1/MD5?
Basically you want to write your own authentication back-end. Fortunately, this can be done very easily.
It's as easy as:
class MyBackend:
def authenticate(self, username=None, password=None):
# Check the username/password and return a User.
Then all you need to do is specify the back-end class by setting AUTHENTICATION_BACKENDS
to be ('django.contrib.auth.backends.YourCustomBackend',)
.
See: http://docs.djangoproject.com/en/dev/topics/auth/#specifying-authentication-backends
精彩评论