Thread: MD5 Passwords and user administratio

MD5 Passwords and user administratio

From
Carlos Ortiz
Date:
I am trying to figure out exactly how to set someone's password when using MD5
passwords in postgres.  I am trying to automate some features, and still can't
figure out what I am doing wrong.  MD5 of the password is obviously not wha  is
used by itself, since that would be insecure, but I can't figure out what the
salt is.  What exactly is psotgres passing to the MD5 hash to make up that
incredible  unintelligible stream of characters that it stores in the password
field of the pg_shadow table?

desperate,

Carlos

__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com

Re: MD5 Passwords and user administratio

From
Tom Lane
Date:
Carlos Ortiz <ortizc2@yahoo.com> writes:
> I am trying to figure out exactly how to set someone's password when
> using MD5 passwords in postgres.

ALTER USER joe WITH PASSWORD 'secret';

> What exactly is psotgres passing to the MD5 hash to make up that
> incredible unintelligible stream of characters that it stores in the
> password field of the pg_shadow table?

I think the salt is the username --- but you shouldn't write code that
depends on knowing that.  None of the MD5 behavior is considered
user-visible.

            regards, tom lane

Re: MD5 Passwords and user administratio

From
Carlos Ortiz
Date:
Thanx.  Actually, it was a version problem.  Was using 7.2 and it did not do
that automatically.  Spent some time and installed 7.3 from source yesterday.

Thanx for the help

Carlos

--- Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Carlos Ortiz <ortizc2@yahoo.com> writes:
> > I am trying to figure out exactly how to set someone's password when
> > using MD5 passwords in postgres.
>
> ALTER USER joe WITH PASSWORD 'secret';
>
> > What exactly is psotgres passing to the MD5 hash to make up that
> > incredible unintelligible stream of characters that it stores in the
> > password field of the pg_shadow table?
>
> I think the salt is the username --- but you shouldn't write code that
> depends on knowing that.  None of the MD5 behavior is considered
> user-visible.
>
>             regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster


__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com

Re: MD5 Passwords and user administratio

From
"Rob Abernethy IV"
Date:
The username is the salt.

--
Robert Abernethy IV
Dynamic Edge, Inc.
734.975.0460


> I am trying to figure out exactly how to set someone's password when
> using MD5 passwords in postgres.  I am trying to automate some
> features, and still can't figure out what I am doing wrong.  MD5 of
> the password is obviously not wha  is used by itself, since that
> would be insecure, but I can't figure out what the salt is.  What
> exactly is psotgres passing to the MD5 hash to make up that
> incredible  unintelligible stream of characters that it stores in
> the password field of the pg_shadow table?
>
> desperate,
>
> Carlos
>
> __________________________________________________
> Do you Yahoo!?
> New DSL Internet Access from SBC & Yahoo!
> http://sbc.yahoo.com
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
>
>     (send "unregister YourEmailAddressHere" to
> majordomo@postgresql.org)