Re: passwords and 7.3 - Mailing list pgsql-general

From Bruce Momjian
Subject Re: passwords and 7.3
Date
Msg-id 200301260211.h0Q2Bs323784@candle.pha.pa.us
Whole thread Raw
In response to Re: passwords and 7.3  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-general
Tom Lane wrote:
> Gregory Seidman <gss+pg@cs.brown.edu> writes:
> > Incidentally, how do I make an md5 password? I assume the authentication
> > method in pg_hba.conf has to be set to md5, but how do I encrypt the
> > password to put in the passwd field in pg_shadow?
>
> The system does it for you, if you specify ENCRYPTED in the CREATE or
> ALTER USER command that sets the password.  There is also a
> postgresql.conf option that makes ENCRYPTED the default behavior of
> these commands --- which we did not turn on for 7.3, but it will be on
> by default for 7.4, IIRC.

It was not enabled in 7.2 but _was_ enabled in 7.3, so if you just
create the user and specify the clear-text password, you will get it
stored MD5 encrypted in the database.  The only way to store it
plaintext is to specify UNENCRYPTED.

> As of current sources, an MD5-stored password can be used with either
> password or md5 auth protocol --- but AFAICS the only reason you'd want
> to use password (cleartext) protocol would be backwards compatibility
> with ancient client libraries.  (Due to an oversight, 7.3 release
> required you to use md5 protocol with an md5 password; this is fixed for
> 7.3.2, but I don't recall whether it got into 7.3.1 or not.)

Fixed in 7.3.1.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

pgsql-general by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: passwords and 7.3
Next
From: Bruce Momjian
Date:
Subject: Re: ERROR: No one parent tuple was found