Thread: Authentication FAQ or Howto?

Authentication FAQ or Howto?

From
Keary Suska
Date:
Is anyone aware of FAQs or HowTos for using crypt type authentication and
storing encrypted passwords?

I am mainly interested in two things: 1) if passwords have to be stored in a
plain text file (pg_passwd), can they be stored encrypted? and 2) is it
possible to authenticate with an encrypted password so passwords do not have
to be shown in plain text in script files?

At least, I would like to dispose of the pg_passwd file, which seemingly
shouldn't be necessary because of the pg_shadow table.

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"


Re: Authentication FAQ or Howto?

From
Joel Burton
Date:
On Fri, 19 Oct 2001, Keary Suska wrote:

> Is anyone aware of FAQs or HowTos for using crypt type authentication and
> storing encrypted passwords?
>
> I am mainly interested in two things: 1) if passwords have to be stored in a
> plain text file (pg_passwd), can they be stored encrypted? and 2) is it
> possible to authenticate with an encrypted password so passwords do not have
> to be shown in plain text in script files?
>
> At least, I would like to dispose of the pg_passwd file, which seemingly
> shouldn't be necessary because of the pg_shadow table.
>
> Keary Suska
> Esoteritech, Inc.
> "Leveraging Open Source for a better Internet"

crypt or md5 authorization in the pg_hba.conf table refers to how the
passwd is sent in the network protocol, not how it is stored in the
pg_shadow table. Choosing one of these options reduces security risks due
to network sniffing.

In version < 7.2, passwords must be stored in the pg_shadow as plaintext.
In version 7.2 (beta very soon), passwords can be stored encrypted (md5,
IIRC). This is not related directly to the above question of the network
protocol;  this is just how they're stored.

As for scripts that connect to DB: you have to either (a) prompt the user
for a password (from STDIN or such) or (b) store the password in the
script (or in a file called by script, etc.) Don't see any way around it
(more clever souls might, though.)

pg_passwd exists to allow you to specify tighter controls about who can
connect to the database w/pg_hba.conf. I don't see why you want to dispose
of it.

Paranoid? Use 7.2, store passwords pre-hased in md5. Connect to the DB
using SSL or through an SSH tunnel (as explained in docs), and always
prompt the user for the password from STDIN, not from a script.


--

Joel BURTON  |  joel@joelburton.com  |  joelburton.com  |  aim: wjoelburton
Independent Knowledge Management Consultant