Re: md5_password_warnings for password auth with MD5-encrypted passwords
Chao Li <li.evan.chao@gmail.com>
From: Chao Li <li.evan.chao@gmail.com>
To: Fujii Masao <masao.fujii@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2026-06-23T02:44:16Z
Lists: pgsql-hackers
> On Jun 23, 2026, at 09:39, Fujii Masao <masao.fujii@gmail.com> wrote: > > Hi, > > While testing md5_password_warnings, I noticed that authentication > with an MD5-encrypted password emits the expected warning when the HBA > method is md5, but not when it is password. > > Was this intentional, or just an oversight? > > I couldn't find any discussion about this, so I put together the > attached patch. It updates the authentication code to emit the same > MD5 deprecation connection warning after successful password > authentication when the stored password is MD5-encrypted. > > Thoughts? > > Regards, > > -- > Fujii Masao > <v1-0001-Warn-on-password-auth-with-MD5-encrypted-password.patch> Given that the original warning emission was in md5_crypt_verify(), I think it might be a bit better to keep the two private helpers in crypt.c and add the warning emission in plain_crypt_verify(), because that function has already determined the password type and authentication result. Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/
Commits
-
Warn on password auth with MD5-encrypted passwords
- e57a865dc700 19 (unreleased) landed
- f6fdc2a4a737 master landed