Tom Lane wrote:
> Hmm. Can we find a freely-distributable version of libcrypt anywhere?
>
> (Actually, now that I think about it, I'm not entirely sure that crypt()
> implements exactly the same transformation on every Unix platform.
> It may be that you have to have a version of crypt() that matches the
> one on your server's platform. That would be a pain in the neck ...
> but if we did find an open-source libcrypt, maybe we could standardize
> on using it in preference to vendor crypts...)
I have no problem running the PostgreSQL server on Solaris and using a FreeBSD client with crypt authentication. Both
systemsuse DES. Problems arise when systems try to work around the US export restrictions and supply MD5 or other weak
encryption. For the same reason, you cannot make strong authentication code available on your website. The best you
cando is provide a pointer to some DES implementation outside the US and instruct users to download and use this one if
theirsystems do not work together. Another alternative is to include MD5 in the distribution, but use the system crypt
bydefault, with a configuration option to switch to MD5. =alex