Re: ODBC and crypted passwords - Mailing list pgsql-interfaces

From Patrick Welche
Subject Re: ODBC and crypted passwords
Date
Msg-id 20000410103613.D1005@quartz.newn.cam.ac.uk
In response to Re: ODBC and crypted passwords  ("Alex Verstak" <averstak@vt.edu>)
List pgsql-interfaces
On Sun, Apr 09, 2000 at 04:22:58PM -0400, Alex Verstak wrote:
> 
> Tom Lane wrote:
> > Hmm.  Can we find a freely-distributable version of libcrypt anywhere?
> > 
> > (Actually, now that I think about it, I'm not entirely sure that crypt()
> > implements exactly the same transformation on every Unix platform.
> > It may be that you have to have a version of crypt() that matches the
> > one on your server's platform.  That would be a pain in the neck ...
> > but if we did find an open-source libcrypt, maybe we could standardize
> > on using it in preference to vendor crypts...)
> 
>   I have no problem running the PostgreSQL server on Solaris and
>   using a FreeBSD client with crypt authentication.  Both systems
>   use DES.  Problems arise when systems try to work around the US
>   export restrictions and supply MD5 or other weak encryption.
>   
>   For the same reason, you cannot make strong authentication code
>   available on your website.  The best you can do is provide
>   a pointer to some DES implementation outside the US and instruct
>   users to download and use this one if their systems do not work
>   together.  Another alternative is to include MD5 in the distribution,
>   but use the system crypt by default, with a configuration option
>   to switch to MD5.

I wonder whether SASL http://asg.web.cmu.edu/sasl/ is worth considering.
AFAICT postgresql would say authenticate userid,password,mechanism, and
sasl replies yes or no, and different mechanisms seem to plug in reasonably
cleanly.

Cheers,

Patrick

