Re: Encrypting pg_shadow passwords - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Encrypting pg_shadow passwords
Date
Msg-id 200106150047.f5F0lDS06621@candle.pha.pa.us
In response to Encrypting pg_shadow passwords  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
> The solution for encrypting passwords stored in pg_shadow was to encrypt
> them when they are stored in pg_shadow.  When a client wants to connect,
> the pre-encrypted password is encrypted again with a random salt.  The
> pg_shadow salt and random salt are sent to the client where the client
> performs two encryptions --- one with the pg_shadow salt and one with the
> random salt, and sends them back to the postmaster.

Once we encrypt in pg_shadow we will be able to use secondary passwords
with 'crypt' or whatever we call the new authentication protocol.  Prior
to this we couldn't because secondary password files contain encrypted
passwords.


-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
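
The exchange described in the quoted text, sketched as an added example that is not part of the original message or of PostgreSQL's code. Salted SHA-256 stands in for the unspecified "encrypt" step, and every function name, the row layout and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def one_way(secret: bytes, salt: bytes) -> bytes:
    """Stand-in for the 'encrypt' step (assumption: salted SHA-256)."""
    return hashlib.sha256(salt + secret).digest()

def store_password(password: str) -> dict:
    """Build the pg_shadow-like row: a stored salt plus the encrypted password."""
    stored_salt = os.urandom(16)
    return {"salt": stored_salt, "hash": one_way(password.encode(), stored_salt)}

def server_challenge(row: dict) -> dict:
    """Server sends both salts; the random salt is fresh for each connection."""
    return {"stored_salt": row["salt"], "random_salt": os.urandom(16)}

def client_response(password: str, challenge: dict) -> bytes:
    """Client performs two encryptions: stored salt first, then random salt."""
    inner = one_way(password.encode(), challenge["stored_salt"])
    return one_way(inner, challenge["random_salt"])

def server_verify(row: dict, challenge: dict, response: bytes) -> bool:
    """Server encrypts its pre-encrypted value again with the random salt
    and compares in constant time; it never needs the cleartext password."""
    expected = one_way(row["hash"], challenge["random_salt"])
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    row = store_password("s3cret-constructed")   # constructed sample password
    first = server_challenge(row)
    good = client_response("s3cret-constructed", first)
    second = server_challenge(row)               # a later connection, new random salt
    return {
        "accepted": server_verify(row, first, good),
        "wrong_password": server_verify(row, first, client_response("guess", first)),
        "stale_response": server_verify(row, second, good),
    }

if __name__ == "__main__":
    print(demo())
```

The `stale_response` case shows what the per-connection random salt buys: a response captured from one connection does not verify against the challenge issued for the next.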
 

