Home > mailing lists

Re: crypt vs password in pg_hba.conf - Mailing list pgsql-general

From	Tom Lane
Subject	Re: crypt vs password in pg_hba.conf
Date	June 15, 2003 04:45:26
Msg-id	10818.1055652158@sss.pgh.pa.us Whole thread Raw
In response to	Re: crypt vs password in pg_hba.conf ("Nigel J. Andrews" <nandrews@investsystems.co.uk>)
List	pgsql-general

Tree view

"Nigel J. Andrews" <nandrews@investsystems.co.uk> writes:
> Check the syntax for the alter user statement, whereever it says you may use
> the word ENCRYPTED use it and you should then be able to use 'crypt' in the
> pg_hba.conf.

Actually I think this advice is backwards.  If you want to use crypt
authentication mode then you have to store *unencrypted* passwords in
pg_shadow, because encrypted passwords will be stored using MD5
encryption which is not compatible with crypt-style encryption.

But probably better advice is "don't use crypt auth mode, use md5".
The crypt mode is only still there to support legacy clients that
haven't been updated to handle md5 yet.

            regards, tom lane

pgsql-general by date:

From: Sven Köhler
Date: 15 June 2003, 00:23:51
Subject: Re: full featured alter table?

From: Tom Lane
Date: 15 June 2003, 05:09:41
Subject: Re: Unknown kind of return type specified for function

Re: crypt vs password in pg_hba.conf - Mailing list pgsql-general

Previous

Next