We add the username to the md5 hash. See the libpq code for an example,
PQencryptPassword().
---------------------------------------------------------------------------
G. J. Walsh wrote:
> At registration, a user's password is encrypted by php's md5 and stored
> in a client login table.
>
> On login, the client's password as provided in a login form, is run
> through md5 hashing and submitted to the server for authentication.
> Pretty standard stuff!
>
> BUT authentication always fails.
>
> To get a grip on this, I set up a record with a specific password. For
> some reason I cannot understand, the md5 hash written into postgresql
> does not correspond with the echoing back of the hash at login attempts.
>
> In both instances, the hashing is consistent.
>
> The login is performed under ssl. Changing it to run under http makes no
> difference - the hashing remains the same.
>
> The data base provides a character varying(32) column for the hashed
> password.
>
> Can someone help me out of this morass???
>
> Much appreciated!
>
> --
> Sent via pgsql-novice mailing list (pgsql-novice@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-novice
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +