Thread: PG and login

PG and login

From
"Jarmo Paavilainen"
Date:
Hi,

Where does the backend do its user validation?

If I login with "psql -u" how does the backend take care of the username and
password?

Ive tried to find where it happens without success (using a lot of
elog(DEBUG,...)). (we are talking "password" identification, not "ident",
kerberos or "crypt").

Ive located where the pg_shadow compare happens, but If I give a wrong
username it will not even get that far. "pg_pwd" is never created so I
assume its not used. So how in h*** does pg do it? And where? (which
function?, file? mechanism?).

Im trying to make usernames caseless (yes I enforce that people use
ASCII-only (32-127) in usernames, and yes this is not SQL92).
pgsql-general@postgresql.org

// Jarmo


Re: PG and login

From
Peter Eisentraut
Date:
Jarmo Paavilainen writes:

> Ive located where the pg_shadow compare happens, but If I give a wrong
> username it will not even get that far. "pg_pwd" is never created so I
> assume its not used. So how in h*** does pg do it? And where? (which
> function?, file? mechanism?).

Of interest would be

src/backend/libpq/auth.c: checkPassword()
                  password.c
                  crypt.c

The compare always happens against pg_pwd, which gets created everytime
you create or alter a user with password.

--
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/


SV: PG and login

From
"Jarmo Paavilainen"
Date:
Thanks,

I had allready played around with those files with elog(DEBUG,...), but
elog(...) did never do any output. But when you confirmed that those were
the files, Ive used fprintf(stderr,...) instead and it worked.

Why does not elog(DEBUG,...) work everywhere?

Well who cares, _NOW_ when I know that its not a problem anymore.

...
> > Ive located where the pg_shadow compare happens, but If I give a wrong
> > username it will not even get that far. "pg_pwd" is never created so I
...
> The compare always happens against pg_pwd, which gets created everytime
> you create or alter a user with password.

Thats odd, for some reason the pg_pwd file did not get created when I tested
my hack. Maybe I broke something :-( I've backuped my changes, and redid
those parts that I _know_ to do what I wanted.

// Jarmo