Thread: protocol, md5 authentication
I can't seem to get the md5 authentication to work with the postgres protocol version 3.<br /><br />The docs don't reallysay how to send an authenticated password, just that you need to use the returned salt from the md5 authenticationrequest. <br /><br />I've read somewhere that it needs to work like this:<br /><br />1. Combine password +user.<br />2. MD5 hash the result.<br />3. Add the salt to the end of that.<br />4. Hash the result.<br />5. Add "md5" tothe front of this, so postgres knows it's md5. <br /><br />This hasn't worked for me.<br /><br />What is the correct wayof MD5 authenticating?<br /><br />-Josh<br />
On Wed, Feb 22, 2006 at 08:22:51AM -0600, Josh Close wrote: > What is the correct way of MD5 authenticating? libpq implements it properly. I'd suggest looking at the client source. Also, I *think* I have this working correctly in my PQueue module, so if you don't mind a little Python: import md5 pw = md5.new(self.password + self.keywords['user']).hexdigest() pw = 'md5' + md5.new(pw + authmsg.salt).hexdigest() self.password is the password given by the user. self.keywords['user'] is the user name. authmsg.salt is the salt given by the server. Where 'pw' is sent back to the server in a Password message. (mrm, can't remember if/when I tested this.. =\) -- Regards, James William Pye
"Josh Close" <narshe@gmail.com> writes: > I can't seem to get the md5 authentication to work with the postgres > protocol version 3. Define "work" --- what are you trying to do and what is happening? If you are using any of the standard client libraries such as libpq, the use of password encryption should be completely transparent to you. You certainly do not hand in a pre-encrypted password or anything like that. regards, tom lane
libpq implements it properly. I'd suggest looking at the client source.
Where would that be, in the postgres source? And what file? I'm really not too familiar with C.
Also, I *think* I have this working correctly in my PQueue module, so if you
don't mind a little Python:
import md5
pw = md5.new(self.password + self.keywords['user']).hexdigest()
pw = 'md5' + md5.new (pw + authmsg.salt).hexdigest()
self.password is the password given by the user.
self.keywords['user'] is the user name.
authmsg.salt is the salt given by the server.
Yeah, I love Python. That is actually the way I'm sending it also. I'm connecting via .NET though. I'll have to double check some things.
-Josh
Define "work" --- what are you trying to do and what is happening?
If you are using any of the standard client libraries such as libpq,
the use of password encryption should be completely transparent to
you. You certainly do not hand in a pre-encrypted password or anything
like that.
I'm connecting via a socket and using Postgres protocol version 3. I'll need to encrypt all that myself then.
I must have made a mistake somewhere else in my code, because I think I'm doing the encryption write from what James said in his reply about his python method.
-Josh
On Wed, Feb 22, 2006 at 10:53:45AM -0600, Josh Close wrote: > Where would that be, in the postgres source? And what file? I'm really not > too familiar with C. Yes, in PostgreSQL's source distribution(or CVS). src/interfaces/libpq libpq-auth.c seems like a good place to start. Look for md5 in that file and follow that around. > Yeah, I love Python. That is actually the way I'm sending it also. I'm > connecting via .NET though. I'll have to double check some things. I guessed that you were developing a driver. If that is the case, then I am pretty sure that that should be working. Additionally, make sure the password you are trying works when you connect with trusty ol' psql. If you are not writing a driver, then this should, imo, already be taken care of [by the driver you are using]. -- Regards, James William Pye
James William Pye wrote: > On Wed, Feb 22, 2006 at 10:53:45AM -0600, Josh Close wrote: > > Where would that be, in the postgres source? And what file? I'm really not > > too familiar with C. > > Yes, in PostgreSQL's source distribution(or CVS). > > src/interfaces/libpq > > libpq-auth.c seems like a good place to start. Look for md5 in that file and > follow that around. That code can be seen here: http://projects.commandprompt.com/projects/public/pgsql/browser/trunk/pgsql/src/interfaces/libpq/ -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc.