Thread: protocol, md5 authentication

protocol, md5 authentication

From
"Josh Close"
Date:
I can't seem to get the md5 authentication to work with the postgres protocol version 3.<br /><br />The docs don't
reallysay how to send an authenticated password, just that you need to use the returned salt from the md5
authenticationrequest. <br /><br />I've read somewhere that it needs to work like this:<br /><br />1. Combine password
+user.<br />2. MD5 hash the result.<br />3. Add the salt to the end of that.<br />4. Hash the result.<br />5. Add "md5"
tothe front of this, so postgres knows it's md5. <br /><br />This hasn't worked for me.<br /><br />What is the correct
wayof MD5 authenticating?<br /><br />-Josh<br /> 

Re: protocol, md5 authentication

From
James William Pye
Date:
On Wed, Feb 22, 2006 at 08:22:51AM -0600, Josh Close wrote:
> What is the correct way of MD5 authenticating?

libpq implements it properly. I'd suggest looking at the client source.


Also, I *think* I have this working correctly in my PQueue module, so if you
don't mind a little Python:
 import md5 pw = md5.new(self.password + self.keywords['user']).hexdigest() pw = 'md5' + md5.new(pw +
authmsg.salt).hexdigest()

self.password is the password given by the user.
self.keywords['user'] is the user name.
authmsg.salt is the salt given by the server.

Where 'pw' is sent back to the server in a Password message.
(mrm, can't remember if/when I tested this.. =\)
-- 
Regards, James William Pye


Re: protocol, md5 authentication

From
Tom Lane
Date:
"Josh Close" <narshe@gmail.com> writes:
> I can't seem to get the md5 authentication to work with the postgres
> protocol version 3.

Define "work" --- what are you trying to do and what is happening?

If you are using any of the standard client libraries such as libpq,
the use of password encryption should be completely transparent to
you.  You certainly do not hand in a pre-encrypted password or anything
like that.
        regards, tom lane


Re: protocol, md5 authentication

From
"Josh Close"
Date:
libpq implements it properly. I'd suggest looking at the client source.

Where would that be, in the postgres source? And what file? I'm really not too familiar with C.

Also, I *think* I have this working correctly in my PQueue module, so if you
don't mind a little Python:

  import md5
  pw = md5.new(self.password + self.keywords['user']).hexdigest()
  pw = 'md5' + md5.new (pw + authmsg.salt).hexdigest()

self.password is the password given by the user.
self.keywords['user'] is the user name.
authmsg.salt is the salt given by the server.

Yeah, I love Python. That is actually the way I'm sending it also. I'm connecting via .NET though. I'll have to double check some things.

-Josh

Re: protocol, md5 authentication

From
"Josh Close"
Date:
Define "work" --- what are you trying to do and what is happening?

If you are using any of the standard client libraries such as libpq,
the use of password encryption should be completely transparent to
you.  You certainly do not hand in a pre-encrypted password or anything
like that.

I'm connecting via a socket and using Postgres protocol version 3. I'll need to encrypt all that myself then.

I must have made a mistake somewhere else in my code, because I think I'm doing the encryption write from what James said in his reply about his python method.

-Josh

Re: protocol, md5 authentication

From
James William Pye
Date:
On Wed, Feb 22, 2006 at 10:53:45AM -0600, Josh Close wrote:
> Where would that be, in the postgres source? And what file? I'm really not
> too familiar with C.

Yes, in PostgreSQL's source distribution(or CVS).

src/interfaces/libpq

libpq-auth.c seems like a good place to start. Look for md5 in that file and
follow that around.

> Yeah, I love Python. That is actually the way I'm sending it also. I'm
> connecting via .NET though. I'll have to double check some things.

I guessed that you were developing a driver. If that is the case, then I am
pretty sure that that should be working. Additionally, make sure the password
you are trying works when you connect with trusty ol' psql.

If you are not writing a driver, then this should, imo, already be taken care of
[by the driver you are using].
-- 
Regards, James William Pye


Re: protocol, md5 authentication

From
Alvaro Herrera
Date:
James William Pye wrote:
> On Wed, Feb 22, 2006 at 10:53:45AM -0600, Josh Close wrote:
> > Where would that be, in the postgres source? And what file? I'm really not
> > too familiar with C.
> 
> Yes, in PostgreSQL's source distribution(or CVS).
> 
> src/interfaces/libpq
> 
> libpq-auth.c seems like a good place to start. Look for md5 in that file and
> follow that around.

That code can be seen here:

http://projects.commandprompt.com/projects/public/pgsql/browser/trunk/pgsql/src/interfaces/libpq/

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.