md5_password_warnings for password auth with MD5-encrypted passwords

Fujii Masao <masao.fujii@gmail.com>

From: Fujii Masao <masao.fujii@gmail.com>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2026-06-23T01:39:42Z
Lists: pgsql-hackers

Attachments

Hi,

While testing md5_password_warnings, I noticed that authentication
with an MD5-encrypted password emits the expected warning when the HBA
method is md5, but not when it is password.

Was this intentional, or just an oversight?

I couldn't find any discussion about this, so I put together the
attached patch. It updates the authentication code to emit the same
MD5 deprecation connection warning after successful password
authentication when the stored password is MD5-encrypted.

Thoughts?

Regards,

-- 
Fujii Masao

Commits

  1. Warn on password auth with MD5-encrypted passwords