Thread: BUG #1134: ALTER USER ... RENAME breaks md5 passwords

BUG #1134: ALTER USER ... RENAME breaks md5 passwords

From
"PostgreSQL Bugs List"
Date:
The following bug has been logged online:

Bug reference:      1134
Logged by:          Fabien COELHO

Email address:      coelho@cri.ensmp.fr

PostgreSQL version: 7.5 Dev

Operating system:   any

Description:        ALTER USER ... RENAME breaks md5 passwords

Details:

If you rename a user with a md5 password, the
password is broken. md5 passwords are the default,
so it means that renaming a user with a password
does not work by default.

This is because the username is used implicitly as salt. This was a bad idea
(tm).

Fixing this has implications on the client/server
protocol for md5 authentication. If you're going
to fix it some day, consider also adding more
characters to the server nonce used in the protocol.