Hi -
tgl wrote:
: The 'passwd' mode wouldn't be affected, but the 'crypt' mode would be;
: it would become less secure than it is now, because the server would be
: forced to send the same salt always, and so a captured encrypted
: password would be just as useful as a captured plaintext one. That's
: the step backwards.
Oh, I see finally. You already put a custom little
challenge/response authentication scheme into postgresql,
and want to keep that working. (May I ask when/why that
went in at all? Was lower-layer encryption not an option?)
At least, it looks like the choice of authentication protocol is a
server-side decision. Backward-compatibility for old clients can
be forced by the administrator, whether the server switches to
encrypted password storage, and/or to lower-level encryption.
- FChE
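
The replay problem from the quoted paragraph, as an added example that is not part of the original message or of PostgreSQL's code. It assumes a SHA-256 stand-in for crypt(), a 16-byte salt, and hypothetical class and function names, all constructed for the demonstration:

```python
import hashlib
import hmac
import secrets

def crypt_standin(password: str, salt: bytes) -> bytes:
    # Stand-in for crypt(): hash of salt || password (assumption for this demo).
    return hashlib.sha256(salt + password.encode()).digest()

class PlaintextStoreServer:
    """Keeps the plaintext password, so it can pick a fresh salt per connection."""
    def __init__(self, password: str):
        self._password = password
        self._salt = b""
    def challenge(self) -> bytes:
        self._salt = secrets.token_bytes(16)
        return self._salt
    def verify(self, response: bytes) -> bool:
        expected = crypt_standin(self._password, self._salt)
        return hmac.compare_digest(expected, response)

class HashedStoreServer:
    """Keeps only crypt(password, salt), so it must send that same salt every time."""
    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        self._stored = crypt_standin(password, self._salt)
    def challenge(self) -> bytes:
        return self._salt
    def verify(self, response: bytes) -> bool:
        return hmac.compare_digest(self._stored, response)

def replay_accepted(server, password: str, attempts: int = 20) -> bool:
    """One legitimate login is observed on the wire; the observed response
    is then presented again on later connections without the password."""
    captured = crypt_standin(password, server.challenge())
    if not server.verify(captured):
        raise RuntimeError("legitimate login failed")
    for _ in range(attempts):
        server.challenge()  # new connection, new challenge from the server
        if server.verify(captured):
            return True
    return False

if __name__ == "__main__":
    pw = "constructed-demo-password"
    print("fresh salt, replay accepted:", replay_accepted(PlaintextStoreServer(pw), pw))
    print("fixed salt, replay accepted:", replay_accepted(HashedStoreServer(pw), pw))
```

With the fixed salt the value on the wire equals the stored value, so protecting it falls to the transport layer, which is the lower-level encryption raised in the reply.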