Thread: Re: Re: Proposal for encrypting pg_shadow passwords

Re: Re: Proposal for encrypting pg_shadow passwords

From: Tom Lane
Peter Eisentraut <peter_e@gmx.net> writes:
> I don't follow this argument.  You added a config option that toggles
> whether to use the old crypt(3) method or the new md5 method.

?? If the config option works like that, I think it's wrong.  There
shouldn't *be* a config option, unless it's one that turns off MD5
because the platform hasn't got int64 support.  An MD5-enabled server
or client must still be able to do crypt too, in order to speak to
older clients or servers.

            regards, tom lane

Re: Re: Proposal for encrypting pg_shadow passwords

From: Bruce Momjian
> Peter Eisentraut <peter_e@gmx.net> writes:
> > I don't follow this argument.  You added a config option that toggles
> > whether to use the old crypt(3) method or the new md5 method.
>
> ?? If the config option works like that, I think it's wrong.  There
> shouldn't *be* a config option, unless it's one that turns off MD5
> because the platform hasn't got int64 support.  An MD5-enabled server
> or client must still be able to do crypt too, in order to speak to
> older clients or servers.

Sorry, when I said config, I meant pg_hba.conf.  Was that unclear?

Also, I will replace md5.c with pgcrypto/md5.c.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Re: Re: Proposal for encrypting pg_shadow passwords

From: Vince Vielhaber
On Thu, 16 Aug 2001, Bruce Momjian wrote:

> > Peter Eisentraut <peter_e@gmx.net> writes:
> > > I don't follow this argument.  You added a config option that toggles
> > > whether to use the old crypt(3) method or the new md5 method.
> >
> > ?? If the config option works like that, I think it's wrong.  There
> > shouldn't *be* a config option, unless it's one that turns off MD5
> > because the platform hasn't got int64 support.  An MD5-enabled server
> > or client must still be able to do crypt too, in order to speak to
> > older clients or servers.
>
> Sorry, when I said config, I meant pg_hba.conf.  Was that unclear?
>
> Also, I will replace md5.c with pgcrypto/md5.c.

what's the difference?

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net
         56K Nationwide Dialup from $16.00/mo at Pop4 Networking
        Online Campground Directory    http://www.camping-usa.com
       Online Giftshop Superstore    http://www.cloudninegifts.com
==========================================================================

Re: Re: Proposal for encrypting pg_shadow passwords

From: Bruce Momjian
> On Thu, 16 Aug 2001, Bruce Momjian wrote:
>
> > > Peter Eisentraut <peter_e@gmx.net> writes:
> > > > I don't follow this argument.  You added a config option that toggles
> > > > whether to use the old crypt(3) method or the new md5 method.
> > >
> > > ?? If the config option works like that, I think it's wrong.  There
> > > shouldn't *be* a config option, unless it's one that turns off MD5
> > > because the platform hasn't got int64 support.  An MD5-enabled server
> > > or client must still be able to do crypt too, in order to speak to
> > > older clients or servers.
> >
> > Sorry, when I said config, I meant pg_hba.conf.  Was that unclear?
> >
> > Also, I will replace md5.c with pgcrypto/md5.c.
>
> what's the difference?

People say the current md5.c assumes 64-bit integers.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026