Mimsy Were the Borogoves

Mimsy Were the Technocrats: As long as we keep talking about it, it’s technology.

A weekend solution, two months later

Jerry Stratton, February 16, 2007

We’re implementing a new student portal, and as part of the portal we want a true single sign-on: one that works across systems. We’ve brought in a consultant to assist us; I happened to be there today while the consultant was copying a user from our LDAP authentication system to the portal for test purposes.

“That’s strange. Every user seems to have two password hashes.”


“The second one seems to always be the same hash.”


“That’s scary.”


Yes, our weekend backdoor is still active two months later.

I could use a weekend that long.

In response to I can’t think of any other way to do it: There is no system so insecure that a rushed migration can’t make things worse.

  1. Public Passwords ->