On Fri, 19 Oct 2001, Keary Suska wrote:
> Is anyone aware of FAQs or HowTos for using crypt type authentication and
> storing encrypted passwords?
>
> I am mainly interested in two things: 1) if passwords have to be stored in a
> plain text file (pg_passwd), can they be stored encrypted? and 2) is it
> possible to authenticate with an encrypted password so passwords do not have
> to be shown in plain text in script files?
>
> At least, I would like to dispose of the pg_passwd file, which seemingly
> shouldn't be necessary because of the pg_shadow table.
>
> Keary Suska
> Esoteritech, Inc.
> "Leveraging Open Source for a better Internet"
crypt or md5 authorization in the pg_hba.conf table refers to how the
passwd is sent in the network protocol, not how it is stored in the
pg_shadow table. Choosing one of these options reduces security risks due
to network sniffing.
In version < 7.2, passwords must be stored in the pg_shadow as plaintext.
In version 7.2 (beta very soon), passwords can be stored encrypted (md5,
IIRC). This is not related directly to the above question of the network
protocol; this is just how they're stored.
As for scripts that connect to DB: you have to either (a) prompt the user
for a password (from STDIN or such) or (b) store the password in the
script (or in a file called by script, etc.) Don't see any way around it
(more clever souls might, though.)
pg_passwd exists to allow you to specify tighter controls about who can
connect to the database w/pg_hba.conf. I don't see why you want to dispose
of it.
Paranoid? Use 7.2, store passwords pre-hased in md5. Connect to the DB
using SSL or through an SSH tunnel (as explained in docs), and always
prompt the user for the password from STDIN, not from a script.
--
Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
Independent Knowledge Management Consultant
