[Koha] Importing encrypted patron passwords

Michael Kuhn mik at adminkuhn.ch
Sun Feb 6 14:09:46 NZDT 2022


Hi Mark

As Alvaro wrote there is no way to find out the actual password of any 
user when just knowing the hash (which since Koha 3.14 is encrypted by 
Crypt::Eksblowfish::Bcrypt). But if for whatever reason you need to 
export and reimport the current passwords you can just unload the hashed 
passwords and insert them using SQL.

If for example you have a hash like

$2a$08$dsPH1AD9y9llddwE45sae.Wkfplp0a3P3GEllf0XKodDU3RR2Ue5e

you may insert it as follows (don't forget to escape the dollar signs):

UPDATE borrowers SET 
password='\$2a\$08\$dsPH1AD9y9llddwE45sae.Wkfplp0a3P3GEllf0XKodDU3RR2Ue5e' 
WHERE borrowernumber=...

NB. In my demo installation I'm doing this every minute since in the 
past some pointy-headed users used to change the password of the super 
user so they would have the demo installation just for themselves (they 
thought) until the next reset of the database.

Best wishes: Michael
-- 
Managing Director · Certified Librarian BBS, IT Specialist with Federal Certificate
Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
T 0041 (0)61 261 55 61 · E mik at adminkuhn.ch · W www.adminkuhn.ch
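
The following is an added example, not part of the original message or of Koha: it turns an export of borrowernumber and password into UPDATE statements for the borrowers table, copying only values that are well-formed bcrypt hashes. The CSV layout and the borrower numbers are constructed assumptions; written to a .sql file and loaded from there, the statements never pass through a shell, so nothing expands $2a and the dollar signs need no backslashes.

```python
import csv
import io
import re

# bcrypt modular-crypt format: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}")


def build_updates(csv_text):
    """Return (sql_statements, skipped_rows) for a borrowernumber,password CSV export."""
    statements, skipped = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        number, stored = row["borrowernumber"].strip(), row["password"].strip()
        if not number.isdigit():
            skipped.append((number, "borrowernumber is not numeric"))
        elif not BCRYPT_RE.fullmatch(stored):
            # Empty, truncated or non-bcrypt values are reported, not copied blindly.
            skipped.append((number, "not a well-formed bcrypt hash"))
        else:
            # The pattern admits only [$./A-Za-z0-9], so the value cannot break
            # out of the quoted SQL literal.
            statements.append(
                f"UPDATE borrowers SET password='{stored}' WHERE borrowernumber={number};"
            )
    return statements, skipped


# Constructed sample export (assumed layout); the first hash is the one quoted
# in the message, the second is a truncated copy, the third row has no password.
SAMPLE = """borrowernumber,password
51,$2a$08$dsPH1AD9y9llddwE45sae.Wkfplp0a3P3GEllf0XKodDU3RR2Ue5e
52,$2a$08$dsPH1AD9y9llddwE45sae.Wkfplp0a3P3GEllf0XKod
53,
"""

if __name__ == "__main__":
    updates, rejected = build_updates(SAMPLE)
    print("\n".join(updates))
    for number, reason in rejected:
        print(f"-- skipped borrowernumber {number}: {reason}")
```

Rows reported as skipped need a manual password reset or a closer look at the export before the cut-over.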




On 06.02.22 at 01:40, Alvaro Cornejo wrote:
> There is no way to export unencrypted passwords since the db only has a
> hash of it. Not the password itself.
> 
> You can just do a full backup of your koha db and move it to the new
> server. Then run the DB upgrade process.
> 
> I'll however suggest you do the backup load/upgrade before configuring the
> server since some of the data uses DB indexes to be identified.
> 
> Regards,
> 
> Alvaro
> 
> 
> 
> 
> On Sat, 5 Feb 2022 at 08:31, Mark Alexander <marka at pobox.com> wrote:
> 
>>
>> I'm in the process of upgrading a library's Debian 7/Koha 3.16 setup.
>> This installation is so old that an in-place upgrade can't be done.
>> My plan is to first create a test VM with Debian 10 and the latest
>> stable koha-common.  Then after manually setting up various admin
>> things (library, item types, ccode, loc, patron types), I'll import
>> the catalog and the patron list.  Finally, I'll move the resulting
>> database to the real (live) server.
>>
>> The snag here is the patron passwords.  I'll use a report from the SQL
>> library to export the patron list from the old installation, but the
>> passwords will be encrypted.  My understanding is that when importing
>> the patron list, the passwords must be unencrypted.  So I'll need to
>> remove the password column from the CSV file, and as a result,
>> every patron password will have to be reset manually.
>>
>> Is there any workaround for this?  I would just like to move the
>> encrypted passwords from the old installation to the new one.  I am
>> comfortable doing some hand-crafted SQL updates to accomplish this.
>> But before I make the attempt, is there any reason why this wouldn't
>> work or why it's a bad idea?
>>
>> --
>> Single-handedly, I have fought my way
>> into this hopeless mess. --Ashleigh Brilliant
>> _______________________________________________
>>
>> Koha mailing list  http://koha-community.org
>> Koha at lists.katipo.co.nz
>> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
>>


