Re: passwords in pg_shadow (duplicate). - Mailing list pgsql-general
| From | Bruce Momjian |
|---|---|
| Subject | Re: passwords in pg_shadow (duplicate). |
| Date | |
| Msg-id | 200212051701.gB5H1ZE02511@candle.pha.pa.us Whole thread Raw |
| In response to | Re: passwords in pg_shadow (duplicate). (Terry Yapt <pgsql@technovell.com>) |
| List | pgsql-general |
Great. We are thinking of how to deal with 'password' when pg_shadow is MD5 encrypted. I have a patch that allows it to work and it may be in 7.3.1. --------------------------------------------------------------------------- Terry Yapt wrote: > First, I have update to the last ODBC driver in odbc.postgresql.org. > > My pg_hba.conf was with 'password' method. I have changed it to 'md5', and all was fine now. Even I can connect witha user that has a plain text password (no md5) in pg_shadow... :-O > > Thanks... > > > -----Original Message----- > From: Bruce Momjian <pgman@candle.pha.pa.us> > To: Terry Yapt <pgsql@technovell.com> > Date: Wed, 4 Dec 2002 14:44:06 -0500 (EST) > Subject: Re: [GENERAL] passwords in pg_shadow (duplicate). > > > This is normal behavior. With 7.3, when you load your passwords into > the database, they are automatically converted to MD5 inside the > database. You can disable this in postgresql.conf using by changing > password_encryption _before_ you load your data into the database. > > The big trick is what ia in your pg_hba.conf file for the ODBC host. If > it is crypt, there is no way we can make those MD5 passwords match the > info coming from the client. However, I didn't think ODBC even did > crypt. Even though the server has MD5-encrypted password stored, the > 'password' pg_hba.conf method should still work because the server will > internally MD5 encrypt before comparing to pg_shadow, or at least it > should and worked in my testing. > > Are you using a recent ODBC driver? That may help. Please report back > your pg_hba.conf setting for the host. Also, MD5 is now the preferred > method for client connections. Crypt doesn't work anymore (unless you > modify postgresql.conf). There is no reason to use 'password' plaintext > anymore. > > --------------------------------------------------------------------------- > > Terry Yapt wrote: > > > > ========================== Hello all, > > > > I have "migrate" a test server from 7.2.x to 7.3. All was ok > > (without regression tests yet), but I have a problem to connect > > to the server from all my client-odbc applications. > > > > I have a: "FATAL: Password authentication failed for user > > xxxxxx" > > > > I have SELECT * from pg_shadow and I noticed about a difference > > with my 7.2 installation: > > > > 7.2 -> Password is text plain. > > 7.3 -> Password is md5 crypt or > > something similar. > > > > If I change my md5 password from its encryption to plain text, > > I can connect fine. > > > > It is the normal behavior or not ? The users and their passwords > > come from a pg_dumpall. > > > > Thanks a lot. > > > > > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 3: if posting/reading through Usenet, please send an > > appropriate subscribe-nomail command to majordomo@postgresql.org > > so that your message can get through to the mailing list cleanly > > > > -- > Bruce Momjian | http://candle.pha.pa.us > pgman@candle.pha.pa.us | (610) 359-1001 > + If your life is a hard drive, | 13 Roberts Road > + Christ can be your backup. | Newtown Square, Pennsylvania 19073 > > > > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
pgsql-general by date: