Postgres Pro
Downloads
Home   >   mailing lists

Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Date
Msg-id 200504212220.j3LMK5P00256@candle.pha.pa.us
Whole thread Raw
In response to Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
Tree view 
Stephen Frost wrote:
-- Start of PGP signed section.
> * Andrew Dunstan (andrew@dunslane.net) wrote:
> > The docs say: "only md5 supports encrypted passwords stored in
> > pg_shadow; the other two require unencrypted passwords to be stored
> > there."  So either your assertion that 'password' auth does not imply
> > plaintext password storage is wrong, or the docs are.
>
> The docs are wrong.  Sorry, I knew that and forgot to mention it
> explicitly previously.  Using 'password' in pg_hba.conf while using
> 'with encrypted password'/md5 in pg_shadow works just fine.
>
> Just tested here to make 100% sure, under 8.0.1.

I see the documentation is slightly confusing.  I have applied this
patch to HEAD and 8.0.X to clarify it.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
Index: doc/src/sgml/client-auth.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v
retrieving revision 1.74
diff -c -c -r1.74 client-auth.sgml
*** doc/src/sgml/client-auth.sgml    9 Apr 2005 03:52:43 -0000    1.74
--- doc/src/sgml/client-auth.sgml    21 Apr 2005 22:18:42 -0000
***************
*** 575,582 ****
      The password-based authentication methods are <literal>md5</>,
      <literal>crypt</>, and <literal>password</>. These methods operate
      similarly except for the way that the password is sent across the
!     connection.  But only <literal>md5</> supports encrypted
!     passwords stored in <structname>pg_shadow</structname>;
      the other two require unencrypted passwords to be stored there.
     </para>

--- 575,582 ----
      The password-based authentication methods are <literal>md5</>,
      <literal>crypt</>, and <literal>password</>. These methods operate
      similarly except for the way that the password is sent across the
!     connection.  However, only <literal>md5</> allows encrypted
!     passwords to be stored in <structname>pg_shadow</structname>;
      the other two require unencrypted passwords to be stored there.
     </para>

pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Next
From: Stephen Frost
Date:
Subject: Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords