Thanks Tom, You're my hero!
However I must be doing something wrong. This is what I do:
"md5" + MD5( MD5(Password + UserName) + Salt)
Is this a correct interpretation of your explanation? (To this I
still need to add the zero byte for termination, isn't it? That's
what I'm doing now anyway.)
>"M. Bastin" <marcbastin@mindspring.com> writes:
>> How do I send an MD5 password to pgsql? (I'm programming my own front-end)
>> Pgsql provides a 4-byte 'salt', that you must somehow use with your
>> password for MD5. The trouble is, I don't know how.
>
>Step 1: compute 32-byte MD5 checksum of cleartext password concatenated
>with username. (BTW this checksum, with "md5" on the front, is what is
>actually stored in pg_shadow.)
>
>Step 2: compute 32-byte MD5 checksum of the 32-byte result of step 1
>concatenated with the 4-byte salt from the server. Stick "md5" on the
>front and send it to the server.
>
> regards, tom lane
