| From: | Jim Mercer <jim(at)reptiles(dot)org> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Re: Encrypting pg_shadow passwords |
| Date: | 2001-06-26 18:49:13 |
| Message-ID: | 20010626144912.E14179@reptiles.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jun 26, 2001 at 11:03:38AM -0400, Bruce Momjian wrote:
> > the fix is for the authentication behaviour, not the adminitrative interface
> > (ie. ALTER USER).
>
> But the fix disables crypt authentication, at least until we do double
> encryption.
only if the dbadmin decides to store crypt'd passwords in pg_shadow.
the code only alters the behaviour of the way the client and server
passwords are compared, if, and only if, the auth type is "password pg_shadow".
the current code does not allow a method for the client to pass clear-text
password, and have it compared to an encrypted pg_shadow.
i consider this broken (especially given the intention of using
"password /some/file").
--
[ Jim Mercer jim(at)reptiles(dot)org +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Mercer | 2001-06-26 18:50:23 | Re: Re: Encrypting pg_shadow passwords |
| Previous Message | Víctor Romero | 2001-06-26 17:41:28 | Benchmarking |