md5 authentication working? - Mailing list pgsql-admin

From Steve Bergman
Subject md5 authentication working?
Date
Msg-id 1091588717.16009.14.camel@ip68-12-228-23.ok.ok.cox.net
Whole thread Raw
Responses Re: md5 authentication working?
List pgsql-admin
Hi,

I'm getting ready to open up port 80 of my apache/pgsql server to the
world and am working on tightening up security.

I have password based authentication working with phpPgAdmin, and Apache
mod_auth_pgsql, as well as PHP.

However, when I set the authentication to md5:

local all all md5

in pg_hba.conf it just works.  Always.  It doesn't matter if I have
auth_PG_hash_type set to CRYPT in auth_pgsql.conf, or whether or not I:

alter user USERNAME with password PASSWORD

or

alter user USERNAME with encrypted password PASSWORD

No matter what I do, as long as the user and password are correct, it
works.  If I set the passwords differently, it correctly denies access.

Looking in /var/lib/pgsql/global/pg_pwd shows passwords with an md5
prefix and which are obviously encrypted.  In fact, even the users I
have not altered to use encrypted passwords have them.

I'm running Fedora Core 1 with the vendor provided 7.4.2-1 rpms, and
stock Fedora Core 1 apache and mod_auth_pgsql.  PHP is 5.0.0 from
php.net.

So, is my information old, and md5 is "just standard" now?  Or is
something else going on?

Thanks,
Steve Bergman




pgsql-admin by date:

Previous
From: LISTMAN
Date:
Subject: Re: [HACKERS] Where does the xlateSqlType symbol point
Next
From: Tom Lane
Date:
Subject: Re: md5 authentication working?