Re: [BUGS] BUG #1134: ALTER USER ... RENAME breaks md5 - Mailing list pgsql-patches

From Fabien COELHO
Subject Re: [BUGS] BUG #1134: ALTER USER ... RENAME breaks md5
Date
Msg-id Pine.LNX.4.58.0404270926080.28436@sablons.cri.ensmp.fr
Whole thread Raw
In response to Re: [BUGS] BUG #1134: ALTER USER ... RENAME breaks md5 passwords  (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses Re: [BUGS] BUG #1134: ALTER USER ... RENAME breaks md5
Re: [BUGS] BUG #1134: ALTER USER ... RENAME breaks md5
List pgsql-patches
Dear Bruce,

> Yes, the problem is that we used the username for the salt, just like
> FreeBSD does for its MD5 passwords.

Not that I know of on FreeBSD?

shell> uname -a
FreeBSD palo-alto2.ensmp.fr 4.9-STABLE FreeBSD 4.9-STABLE #5: Mon Mar  1 21:31:30 CET 2004
root@palo-alto2.ensmp.fr:/usr/src/sys/compile/IAR2Mi386 

shell> grep coelho /var/yp/master.passwd
coelho:$1$00EacB0I$4kQ/HmqFFQANZP/mxj8ZX0:210:20::0:0:COELHO, Fabien:/users/cri/coelho:/usr/local/bin/bash
          ^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^
          salt     some base 64 encoding of 1002 paranoid md5 computations.

Even of the salt is based on the login, the point is that it is stored
separatly, so the system does not rely on the login string to check the
password.

The only other scheme which requires the user password somehow is the HTTP
digest authentification, and AFAIK no one in the world uses it;-)

> The attached patch clears the password field on rename:

By 'clearing' and after a look at the patch, I understand that the access
will be denied after the rename, which is the current behavior anyway;-)

> and adds documention explaining this behavior. I can't think of a
> better solution.

Yes, I'm afraid there is no 'light' fix, other than acknowledging the
fact... Not a big issue.

Thanks,

--
Fabien Coelho - coelho@cri.ensmp.fr

pgsql-patches by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: subtransactions -- storage manager
Next
From: Bruce Momjian
Date:
Subject: Re: [BUGS] BUG #1134: ALTER USER ... RENAME breaks md5