Thread

  1. Re: Encrypting pg_shadow passwords

    Jim Mercer <jim@reptiles.org> — 2001-06-26T12:56:28Z

    On Mon, Jun 25, 2001 at 02:34:51PM +0800, Lincoln Yeoh wrote:
    > At 12:51 AM 26-06-2001 -0400, Jim Mercer wrote:
    > >this is not so much an enhancement, but a correction of what i think the
    > >original "password" authentication scheme was supposed to allow.
    > 
    > Yep it's a correction. pg_shadow shouldn't have been in plaintext in the
    > first place.
    > 
    >  host all 127.0.0.1 255.255.255.255 password 
    > should have meant check crypted passwords in pg_shadow.
    > 
    > Given your suggestion, what happens when someone does an ALTER USER ...
    > WITH PASSWORD ....? 
    > 
    > Might it be too late to do a fix? 
    
    i didn't want to change things too much.  in the case of ALTER USER, the
    code would need to encrypt the password beforehand, either inline, or
    using a pgsql-contrib crypt() function.  (i have this if you want it)
    
    the fix is for the authentication behaviour, not the administrative interface
    (ie. ALTER USER).
    
    -- 
    [ Jim Mercer        jim@reptiles.org         +1 416 410-5633 ]
    [ Now with more and longer words for your reading enjoyment. ]