Re: About passwords
Yes the password formats need more testing and some documentation before the release and possibly some feature to assist in changing from one format to another.
That MySQL issue is a bug in the table script, need to change that column from varchar(50) to varchar(128). That is also the reason you can't login with the created user, fix the column and create a user and it should work. May also need to check the dbPortal methods for user create and update methods as the params may also be defined as varchar(50). I'll look into fixing these issues tonight and commit to svn.
If you login with site site configured as cleartext then change it to one of the others, you need to update your password before you log out so it gets converted.
I agree we need to code it so it adapts existing users when changed with the following use cases:
Cleartext change to encrypted - encrypt plain passwords for exisitng
Cleartext change to hashed - hash passwords for exisiting users
Encrypted changed to cleartext - decrypt passwords
Encrypted change to hashed - decrypt then hash passwords
Hashed to cleartext - replace password with random password
Hashed to encrypted - replace passwords with random passwords then encrypt them
obviously the change form hashed to anything else is the most problematic since users passwords will all be reset.
None of the above is done yet but this is what I think we need to do before the 2.1 release