Thread

  1. Re: Re: Encrypting pg_shadow passwords

    Jim Mercer <jim@reptiles.org> — 2001-06-26T18:49:13Z

    On Tue, Jun 26, 2001 at 11:03:38AM -0400, Bruce Momjian wrote:
    > > the fix is for the authentication behaviour, not the adminitrative interface
    > > (ie. ALTER USER).
    > 
    > But the fix disables crypt authentication, at least until we do double
    > encryption.
    
    only if the dbadmin decides to store crypt'd passwords in pg_shadow.
    
    the code only alters the behaviour of the way the client and server
    passwords are compared, if, and only if, the auth type is "password pg_shadow".
    
    the current code does not allow a method for the client to pass clear-text
    password, and have it compared to an encrypted pg_shadow.
    
    i consider this broken (especially given the intention of using
    "password /some/file").
    
    -- 
    [ Jim Mercer        jim@reptiles.org         +1 416 410-5633 ]
    [ Now with more and longer words for your reading enjoyment. ]