On 6 Feb 2015 4:04 PM, Michael Nolan wrote:
>
> Encrypted passwords are kept in the pg_shadow file and should start with 'md5'.
>
> Just save a copy of the encrypted password for that user and when you
> want to re-enable that user do:
>
> alter user xxx encrypted password 'md5xxxxxxxx';
>
> I have tested this on 9.3.5.
That’s basically what I tried before, though I just string-reversed the
MD5 hash so that I could un-reverse it. I also prefixed “md5” with '-'
so I could tell which passwords were scrambled.
What I found was that a “suspended” user could still log in, though.
I looked for some control to “reload” the passwords from that datastore
but couldn’t find any.
I also did this on pg_authid; would that have made a difference?
-FG
