md5_password_warnings for password auth with MD5-encrypted passwords
Fujii Masao <masao.fujii@gmail.com>
From: Fujii Masao <masao.fujii@gmail.com>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2026-06-23T01:39:42Z
Lists: pgsql-hackers
Attachments
- v1-0001-Warn-on-password-auth-with-MD5-encrypted-password.patch (application/octet-stream) patch v1-0001
Hi, While testing md5_password_warnings, I noticed that authentication with an MD5-encrypted password emits the expected warning when the HBA method is md5, but not when it is password. Was this intentional, or just an oversight? I couldn't find any discussion about this, so I put together the attached patch. It updates the authentication code to emit the same MD5 deprecation connection warning after successful password authentication when the stored password is MD5-encrypted. Thoughts? Regards, -- Fujii Masao
Commits
-
Warn on password auth with MD5-encrypted passwords
- e57a865dc700 19 (unreleased) landed
- f6fdc2a4a737 master landed