Re: passwords in pg_shadow (duplicate). - Mailing list pgsql-general

From Bruce Momjian
Subject Re: passwords in pg_shadow (duplicate).
Date
Msg-id 200212051701.gB5H1ZE02511@candle.pha.pa.us
In response to Re: passwords in pg_shadow (duplicate).  (Terry Yapt <pgsql@technovell.com>)
List pgsql-general

Great.  We are thinking of how to deal with 'password' when pg_shadow is
MD5 encrypted.  I have a patch that allows it to work and it may be in
7.3.1.


---------------------------------------------------------------------------

Terry Yapt wrote:
> First, I have updated to the last ODBC driver in odbc.postgresql.org.
>
> My pg_hba.conf was with 'password' method.  I have changed it to 'md5', and all is fine now.  I can even connect
> with a user that has a plain text password (no md5) in pg_shadow... :-O
>
> Thanks...
>
>
> -----Original Message-----
> From: Bruce Momjian <pgman@candle.pha.pa.us>
> To: Terry Yapt <pgsql@technovell.com>
> Date: Wed, 4 Dec 2002 14:44:06 -0500 (EST)
> Subject: Re: [GENERAL] passwords in pg_shadow (duplicate).
>
>
> This is normal behavior.  With 7.3, when you load your passwords into
> the database, they are automatically converted to MD5 inside the
> database.  You can disable this in postgresql.conf by changing
> password_encryption _before_ you load your data into the database.
>
> The big trick is what is in your pg_hba.conf file for the ODBC host.  If
> it is crypt, there is no way we can make those MD5 passwords match the
> info coming from the client.  However, I didn't think ODBC even did
> crypt.  Even though the server has MD5-encrypted password stored, the
> 'password' pg_hba.conf method should still work because the server will
> internally MD5 encrypt before comparing to pg_shadow, or at least it
> should and worked in my testing.
>
> Are you using a recent ODBC driver?  That may help.  Please report back
> your pg_hba.conf setting for the host.  Also, MD5 is now the preferred
> method for client connections.  Crypt doesn't work anymore (unless you
> modify postgresql.conf).  There is no reason to use 'password' plaintext
> anymore.
>
> ---------------------------------------------------------------------------
>
> Terry Yapt wrote:
> >
> > Hello all,
> >
> > I have "migrated" a test server from 7.2.x to 7.3. All was ok
> > (without regression tests yet), but I have a problem to connect
> > to the server from all my client-odbc applications.
> >
> > I have a:  "FATAL: Password authentication failed for user
> > xxxxxx"
> >
> > I have done a SELECT * from pg_shadow and I noticed a difference
> > with my 7.2 installation:
> >
> > 7.2 -> Password is plain text.
> > 7.3 -> Password is md5 crypt or something similar.
> >
> > If I change my md5 password from its encryption to plain text,
> > I can connect fine.
> >
> > Is this the normal behavior or not? The users and their passwords
> > come from a pg_dumpall.
> >
> > Thanks a lot.
> >
>
> --
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 359-1001
>   +  If your life is a hard drive,     |  13 Roberts Road
>   +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
>
>
>
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
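
The behaviour reported in this thread, as an added example that is not part of the original messages and is not PostgreSQL source code: a model of how the server can compare a 'password' or 'md5' login against a pg_shadow entry that is either plain text or MD5. The function names, user name, password and salt are constructed for illustration; the 'crypt' method is not modelled.

```python
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def stored_md5(user: str, password: str) -> str:
    """pg_shadow value when password_encryption is on: 'md5' + md5(password + user)."""
    return "md5" + md5_hex(password.encode() + user.encode())

def client_md5_response(user: str, password: str, salt: bytes) -> str:
    """What a client sends under the 'md5' method: the stored form re-hashed with the salt."""
    inner = md5_hex(password.encode() + user.encode())
    return "md5" + md5_hex(inner.encode() + salt)

def is_md5(shadow: str) -> bool:
    # An MD5 entry is the literal prefix 'md5' followed by 32 hex digits.
    return shadow.startswith("md5") and len(shadow) == 35

def server_check(method: str, user: str, shadow: str, received: str, salt: bytes = b"") -> bool:
    """Hypothetical model of the server-side comparison for one pg_hba.conf method."""
    if method == "password":
        # Client sent plain text; hash it first if pg_shadow holds an MD5 entry.
        candidate = stored_md5(user, received) if is_md5(shadow) else received
        return hmac.compare_digest(candidate.encode(), shadow.encode())
    if method == "md5":
        # Server needs md5(password + user); derive it if pg_shadow holds plain text.
        inner = shadow[3:] if is_md5(shadow) else md5_hex(shadow.encode() + user.encode())
        expected = "md5" + md5_hex(inner.encode() + salt)
        return hmac.compare_digest(expected.encode(), received.encode())
    raise ValueError("method not modelled: " + method)

# Constructed sample values.
USER, PASSWORD, SALT = "terry", "s3cret", b"\x01\x02\x03\x04"

def demo() -> dict:
    shadow = stored_md5(USER, PASSWORD)
    reply = client_md5_response(USER, PASSWORD, SALT)
    return {
        "password method, md5 in pg_shadow": server_check("password", USER, shadow, PASSWORD),
        "md5 method, md5 in pg_shadow": server_check("md5", USER, shadow, reply, SALT),
        "md5 method, plain text in pg_shadow": server_check("md5", USER, PASSWORD, reply, SALT),
        "md5 method, wrong password": server_check(
            "md5", USER, shadow, client_md5_response(USER, "wrong", SALT), SALT),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```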
