X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FAuth.py;fp=PLC%2FAuth.py;h=25938c6d3ab9d59d52ae5fd7711d4761792fd9c7;hb=a276727f747f5ee14a840da4f5766d348282cd39;hp=2b2ea02ab447831786550f3a172930e59dd1ba04;hpb=c19e6d5b3807e66c17247134097d34f821df8926;p=plcapi.git
diff --git a/PLC/Auth.py b/PLC/Auth.py
index 2b2ea02..25938c6 100644
--- a/PLC/Auth.py
+++ b/PLC/Auth.py
@@ -4,7 +4,7 @@
 # Mark Huang
 # Copyright (C) 2006 The Trustees of Princeton University
 #
-# $Id$
+# $Id: Auth.py,v 1.1 2006/09/06 15:36:06 mlhuang Exp $
 #
 import crypt
@@ -95,12 +95,13 @@ class PasswordAuth(Auth):
 if auth['AuthString'] != password:
 raise PLCAuthenticationFailure, "Maintenance account password verification failed"
 else:
- # Get encrypted password stored in the DB
+ # Compare encrypted plaintext against encrypted password stored in the DB
+ plaintext = auth['AuthString'].encode(method.api.encoding)
 password = person['password']
 # Protect against blank passwords in the DB
 if password is None or password[:12] == "" or \
- crypt.crypt(auth['AuthString'], password[:12]) != password:
+ crypt.crypt(plaintext, password[:12]) != password:
 raise PLCAuthenticationFailure, "Password verification failed"
 if auth['Role'] not in person['roles']:
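Review bot: The added `plaintext = auth['AuthString'].encode(method.api.encoding)` line in the second hunk runs on caller-supplied input, and an AuthString that cannot be represented in the API encoding raises a UnicodeError there instead of PLCAuthenticationFailure. Unless a caller outside this hunk translates that exception, a malformed credential surfaces as a server fault rather than a failed login, which also lets a client tell the two cases apart; mapping the encoding error to the same failure as a wrong password closes that gap. The `!=` on the crypt() result is also not a constant-time comparison, and `hmac.compare_digest` would be the replacement on interpreters that provide it. The enclosing method starts and ends outside the hunk, so any type validation of AuthString that happens earlier is not visible here.

```python
# … unchanged: maintenance-account branch above …
try:
    plaintext = auth['AuthString'].encode(method.api.encoding)
except UnicodeError:
    # Unencodable credentials are a failed login, not a server fault
    raise PLCAuthenticationFailure, "Password verification failed"
password = person['password']
# … unchanged: blank-password guard and crypt comparison …
```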