MantisBT supports several authentication techniques out of the box. In addition, there is work in progress relating to supporting authentication plug-ins. Once authentication plug-ins are implemented, then authentication against any protocol or repository of user names and passwords can be done without having to touch MantisBT core code.
Although MantisBT supports multiple authentication techniques, it is important to note that MantisBT doesn't yet support hybrid authentication scenarios. For example, internal staff authentications against LDAP where customer authentications against MantisBT database.
Standard, or native, authentication is where MantisBT users are authenticated against user records in the MantisBT database. The passwords are stored in the database in one of several formats:
CRYPT - deprecated.
CRYPT_FULL_SALT - deprecated.
PLAIN - deprecated.
MD5 - This is default and recommended approach. See MD5 topic on Wikipedia for more details.
See $g_login_methods for more details about how to configure MantisBT to use one of the above authentication techniques.