I was just reading the manual on password authentication and
encryption.
In pg_hba.conf you can say either "password", "md5", or "crypt",
and says that controls how it goes over the line.
In create/alter user you can say "encrypted" or "unencrypted",
and it will be stored like that in the database.
Is there some kind of challenge used in case the authentication
is using md5/crypt? In case of password too if it's stored
encrypted?
Is the only case that it doesn't use a challenge maybe the case
it's stored unencrypted and authentication method is password?
Kurt
