Warn on password auth with MD5-encrypted passwords

Fujii Masao <fujii@postgresql.org>

Commit: f6fdc2a4a737b62323b786aea59ab7a38cd7f835
Author: Fujii Masao <fujii@postgresql.org>
Date: 2026-07-01T11:57:28Z
Releases: master
Warn on password auth with MD5-encrypted passwords

Commit bc60ee860 added a connection warning after successful MD5
authentication, but only for the md5 authentication method. A role with
an MD5-encrypted password can also authenticate via the password method,
which left that path without the same deprecation warning.

Emit the MD5 deprecation connection warning after successful
password authentication as well, when the stored password is
MD5-encrypted.

Backpatch to v19, where the MD5 connection warning was introduced.

Author: Fujii Masao <masao.fujii@gmail.com>
Reviewed-by: Chao Li <li.evan.chao@gmail.com>
Reviewed-by: Japin Li <japinli@hotmail.com>
Discussion: https://postgr.es/m/CAHGQGwGkWfn5rtHzvdRbVk+PCefQU3gun3hc7QnaMXHFa5Bu3w@mail.gmail.com
Backpatch-through: 19

Files

PathChange+/−
doc/src/sgml/config.sgml modified +2 −1
src/backend/libpq/auth.c modified +33 −0
src/backend/libpq/crypt.c modified +0 −22
src/test/authentication/t/001_password.pl modified +10 −0

Documentation touched

Discussion