Re: [HACKERS] User authentication bug?
Bruce Momjian <maillist@candle.pha.pa.us>
From: Bruce Momjian <maillist@candle.pha.pa.us>
To: M.Boekhold@et.tudelft.nl
Cc: pgsql-hackers@postgreSQL.org
Date: 1998-07-31T19:53:25Z
Lists: pgsql-hackers
> Hi, > > I was having trouble with user authentication, so I submerged myself in > the source (UTSL ie. Use The Source luke ;) to see if I could figure out > what I was doing wrong: > > While using passwords stored in pg_shadow (pg_user), I cannot connect to > the backend using the 'password' authentication, I can connect using 'crypt'. > > Now, I found from the source that the routines that do crypt checking > also seem to support plain passwords. But this code is never used, > because apparently uaCrypt is never set for 'password', while my > understanding is that this should be set when there is no password-file > specified in pg_hba.conf. > > AlthoughcCheckPassword() seems to provide for this, it appears not to be > working. > > Anybody knows what's going on here? I intent to fire up a debugger here > to see if I can figure out what's wrong, but thought asking first doesn't > do any harm. > > btw. is there anywhere a good description on how control flows during > this phase of connecting? It all looks very difficult, with lots of > function pointer being passed around etc. Yes, very confusing. Only Tom Lane understands it, I think. Maybe Tatsuo too. -- Bruce Momjian | 830 Blythe Avenue maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026 + If your life is a hard drive, | (610) 353-9879(w) + Christ can be your backup. | (610) 853-3000(h)