On Mon, 22 Sep 2003, Molly Gibson wrote:
> Hi all,
> I have recently installed Apache/1.3.28 +
> mod_auth_pgsql-0.9.12
> (http://www.giuseppetanzilli.it/mod_auth_pgsql/)
>
> The only way I have been able to get it to
> successfully authenticate against my postgres (7.3.4)
> database is to turn Auth_PG_encrypted off & have
> encryption turned off in postgresql.conf. I am really
> uncomfortable with the idea of having unencrypted user
> passwords laying about, but if I try to use an
> encrypted password from the database, I get 'password
> mismatch'.
I'm personally using mod_auth_pgsql against a user table with encrypted
passwords. To properly encrypt them I am using the contrib pgcrypto
module and something like
UPDATE myusertable
SET passwd = crypt('password', gen_salt('md5'))
WHERE userid = 1;
I don't believe you can use pg_shadow to authenticate against, but some
things to look at are:
- verify that the passwords are encrypted in pg_shadow.
- try changing the value of Auth_PG_hash_type to md5
Kris Jurka