Authenticating against MySQL ENCRYPT()ed passwords
Posted on April 25th, 2009 in Blog | No Comments »
I did a few google searches and couldn’t find any concrete information about how to authenticate against a unix crypted password in MySQL. After a little experimentation I found that this worked well:
Given a table like the following:
mysql> select * from users;
+----------+---------------+
| username | password |
+--------------------------+
| adminman | YN.gCWkKVfvzQ |
+----------+---------------+
1 row in set (0.00 sec)
Use the following query to verify the password:
SELECT * from users WHERE username='adminman' and password=ENCRYPT('arrmatey', SUBSTR(password, 1 ,2));
You do a SUBSTR() on the password field because MySQL stores the crypt “salt” in the first two characters of the encrypted password.
Hi. I'm Paul, and I'm a sysadmin.