Re: Encrypting pg_shadow passwords

[ this message is not meant to be completely denigrating to linux. YMMV ]

On Tue, Jun 26, 2001 at 12:17:03AM -0400, Bruce Momjian wrote:
> > > The wire is clearly less secure than pg_shadow.
> >
> > ah, you've not had a client rooted lately.
>
> I think most people would disagree.

depends on the crowd. i get to de-crack several linux boxes a month.

> > the wire is far more secure than many default OS installations.
>
> Maybe time for a new OS. We run on some pretty secure OS's.

i run a fairly tight ship as well.

however, joe blow redhat 6.1 installer who is just following the recipes
and the RPM's wouldn't know a secure OS from a hole in their head.

and Solaris is just insecure by design, lets not talk about Irix.

the design should not assume that the dbadmin has a clue. in fact, it should
assume they don't have a clue.

i challenge you to post "i think storing plain-text passwords on my system
is ok." to NANOG. 8^)

> The big problem is that when we make a change we have to also talk to
> old clients to you would have a pretty complex setup to have 'password'
> encryption passing the same crypt over the wire all the time. If not,
> why not use 'crypt' authentication.

i don't understand the objection to my mods.

crypt authentication requires plain-text passwords stored in pg_shadow.

my stand is that this is not a good idea.

my mods in no way break any existing code, and add another variant on the
existing auth schemes.

i think that any evolution of the auth schemes should depreciate the older
methods, but that backwards compatibility needs to be maintained, even
if the code is disabled by default, and needs a --enable to turn it back on.

--
[ Jim Mercer jim(at)reptiles(dot)org +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]