> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > OK, patch attached. Pretty nifty. Try MD5 first, and if it fails, try
> > crypt.
>
> What???
>
> Where did *that* idea come from? If I'm using the new auth method
> because I don't think the old one is secure, I sure as heck don't want
> an old (or deliberately-broken) client to cause a fallback to a less
> secure method.
>
> If MD5 is specified in the config file, and the client doesn't support
> it, then you *fail*. Full stop.
But we don't have a new MD5 pg_hba.conf config option. There is only
crypt. Do we want a new one just for MD5? I don't think we considered
crypt to be insecure. The problem was not encrypting pg_shadow.
You are correct that if the password fails, crypt is going to be sent
over the wire.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
