Thread: MD5 Passwords and user administratio
I am trying to figure out exactly how to set someone's password when using MD5 passwords in postgres. I am trying to automate some features, and still can't figure out what I am doing wrong. MD5 of the password is obviously not wha is used by itself, since that would be insecure, but I can't figure out what the salt is. What exactly is psotgres passing to the MD5 hash to make up that incredible unintelligible stream of characters that it stores in the password field of the pg_shadow table? desperate, Carlos __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com
Carlos Ortiz <ortizc2@yahoo.com> writes:
> I am trying to figure out exactly how to set someone's password when
> using MD5 passwords in postgres.
ALTER USER joe WITH PASSWORD 'secret';
> What exactly is psotgres passing to the MD5 hash to make up that
> incredible unintelligible stream of characters that it stores in the
> password field of the pg_shadow table?
I think the salt is the username --- but you shouldn't write code that
depends on knowing that. None of the MD5 behavior is considered
user-visible.
regards, tom lane
Thanx. Actually, it was a version problem. Was using 7.2 and it did not do that automatically. Spent some time and installed 7.3 from source yesterday. Thanx for the help Carlos --- Tom Lane <tgl@sss.pgh.pa.us> wrote: > Carlos Ortiz <ortizc2@yahoo.com> writes: > > I am trying to figure out exactly how to set someone's password when > > using MD5 passwords in postgres. > > ALTER USER joe WITH PASSWORD 'secret'; > > > What exactly is psotgres passing to the MD5 hash to make up that > > incredible unintelligible stream of characters that it stores in the > > password field of the pg_shadow table? > > I think the salt is the username --- but you shouldn't write code that > depends on knowing that. None of the MD5 behavior is considered > user-visible. > > regards, tom lane > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com
The username is the salt. -- Robert Abernethy IV Dynamic Edge, Inc. 734.975.0460 > I am trying to figure out exactly how to set someone's password when > using MD5 passwords in postgres. I am trying to automate some > features, and still can't figure out what I am doing wrong. MD5 of > the password is obviously not wha is used by itself, since that > would be insecure, but I can't figure out what the salt is. What > exactly is psotgres passing to the MD5 hash to make up that > incredible unintelligible stream of characters that it stores in > the password field of the pg_shadow table? > > desperate, > > Carlos > > __________________________________________________ > Do you Yahoo!? > New DSL Internet Access from SBC & Yahoo! > http://sbc.yahoo.com > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > > (send "unregister YourEmailAddressHere" to > majordomo@postgresql.org)