Re: Re: Encrypting pg_shadow passwords

Jim Mercer <jim@reptiles.org>

From: Jim Mercer <jim@reptiles.org>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Lincoln Yeoh <lyeoh@pop.jaring.my>, Tom Lane <tgl@sss.pgh.pa.us>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2001-06-26T18:49:13Z
Lists: pgsql-hackers
On Tue, Jun 26, 2001 at 11:03:38AM -0400, Bruce Momjian wrote:
> > the fix is for the authentication behaviour, not the adminitrative interface
> > (ie. ALTER USER).
> 
> But the fix disables crypt authentication, at least until we do double
> encryption.

only if the dbadmin decides to store crypt'd passwords in pg_shadow.

the code only alters the behaviour of the way the client and server
passwords are compared, if, and only if, the auth type is "password pg_shadow".

the current code does not allow a method for the client to pass clear-text
password, and have it compared to an encrypted pg_shadow.

i consider this broken (especially given the intention of using
"password /some/file").

-- 
[ Jim Mercer        jim@reptiles.org         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]