Postgres Pro
Downloads
Home   >   mailing lists

Programming interfaces when using MD5 authentication - Mailing list pgsql-general

From Preston de Guise
Subject Programming interfaces when using MD5 authentication
Date
Msg-id 55A9AC39-004B-4EFB-9D6C-60555CDC33AD@anywebdb.com
Whole thread Raw
Responses Re: Programming interfaces when using MD5 authentication
Re: Programming interfaces when using MD5 authentication
List pgsql-general
Tree view 
Hi,

I apologise in advance if this is considered the wrong list to post
onto. I couldn't find specific details for joining a DBD::Pg style
mailing list so I'm hoping this is something that's relatively well
known about by general PostgreSQL developers anyway.

Using Perl to program interfaces to PostgreSQL, and had previously
misunderstood how md5 password authentication worked, so I'm now re-
doing it, but struggling to find out how DBD::Pg might be used to
actually authenticate by passing an md5 of the password instead of the
real thing.

I understand from various reading that the md5 should be a double-
process consisting of:

phase1 = md5(password <concat> username)
password_to_use = md5(phase1 <concat> salt)

What I don't understand is how to "extract" the salt required to
complete the second phase.

Effectively what I'm hoping for is to be able to do something along
the lines of:

---------------------------------------------------------------
#!/usr/local/bin/perl -w

use strict;
use DBI;
use Digest::MD5 qw(md5_hex);
use DBD::Pg;

my $user = "currentuser";
my $pass = md5_hex("supersecretpassword" . $user);

my $dbh = DBI->connect("dbi:Pg:dbname=monitoring","$user",$pass,
{ PrintError => 1 });
if (defined($dbh)) {
    $dbh->disconnect();
    print "Successful\n";
} else {
    print "Failed!!\n";
}
---------------------------------------------------------------

In the above, if I prepend "md5" to the $pass variable I obviously get
what exactly matches the content of the pg_shadow table entry for the
given user ... however, either way the connection isn't successful
because (from what I've been able to discern) I actually need to submit:

md5 <concat> md5($pass <concat> salt)

Can DBD::Pg be used for these connections? If anyone has experience in
this I'd much appreciate your thoughts or suggestions. (I realise the
"connect" function is from DBI, but it seems to me that the use of the
salt required to properly authenticate will be specific somehow to
DBD::Pg usage.)

Cheers,

Preston.

--
Preston de Guise
http://www.enterprisesystemsbackup.com

pgsql-general by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: Weird behavior with "sensitive" cursors.
Next
From: Tim Uckun
Date:
Subject: Query not using the indexes properly.