Skip site navigation (1) Skip section navigation (2)

Re: Encrypting pg_shadow passwords

From: Jim Mercer <jim(at)reptiles(dot)org>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Encrypting pg_shadow passwords
Date: 2001-06-26 04:01:03
Message-ID: 20010626000103.J1599@reptiles.org (view raw or flat)
Thread:
Lists: pgsql-hackers
On Mon, Jun 25, 2001 at 11:48:32PM -0400, Bruce Momjian wrote:
> OK, I get you now.  Why not ask the client to do a crypt and compare
> that to pg_shadow.  It is better than what we have now for 'password'
> authentication because it encrypts pg_shadow.
> 
> The big problem is that you can't do 'crypt' authentication once you
> encrypt pg_shadow, unless we do the double-encription thing, and I think
> it is a bigger win for them to use crypt-authentication than to encrypt
> pg_shadow.

my mods do not require encryption of pg_shadow, unless you want to use
my "password pg_shadow" extension.  it is then the responsibility of the
dbadmin to do "CREATE USER username WITH PASSWORD '$1$xxxxxx';
(i have a unix_crypt(text, text) function i can put in contrib, as well
as samba_lm_crypt(text) and samba_nt_crypt(text) for anyone interested)

the current code (without my mods) requires the dbadmin to either play
the lottery and store all passwords in plain-text, or to manipulate
external password files, which causes all manner of issues with regards
to updating (changing) the passwords in the external files.

> The wire is clearly less secure than pg_shadow.

ah, you've not had a client rooted lately.

the wire is far more secure than many default OS installations.

i will not argue that the double-encryption stuff, and MD5 type stuff is
better.

however, forcing the dbadmin to store plain-text passwords in pg_shadow
is at best unwise.

giving them the option of my mods is a reasonable step towards allowing
them to avoid that one-stop-shopping facility for crackers, without breaking
any existing implementations for those who chose to walk what i consider
an unsafe path.

-- 
[ Jim Mercer        jim(at)reptiles(dot)org         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]

In response to

Responses

pgsql-hackers by date

Next:From: Jim MercerDate: 2001-06-26 04:12:46
Subject: Re: Encrypting pg_shadow passwords
Previous:From: Bruce MomjianDate: 2001-06-26 04:00:35
Subject: Re: Encrypting pg_shadow passwords

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group