Skip site navigation (1) Skip section navigation (2)

Re: Newbie confused about pg_hba/md5 and password field

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Scott Dunbar <scott(at)xigole(dot)com>
Cc: pgsql-interfaces(at)postgresql(dot)org
Subject: Re: Newbie confused about pg_hba/md5 and password field
Date: 2002-08-21 21:20:12
Message-ID: 200208212120.g7LLKCQ06492@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-interfaces
Well, if you store your passwords as encrypted in pg_shadow, then only
MD5 will work for authentication.  If you don't encrypt them, you can
use any auth method like 'crypt' or 'password'.

I don't know what authlib is, but it is very possible it doesn't have
this md5 capability.

---------------------------------------------------------------------------

Scott Dunbar wrote:
> Bruce,
> Thanks for the information.  On further testing I indeed cannot 
> reproduce the issue with a standalone program, only with the authlib 
> that I'm trying to get to work.  I did learn that my thinking was wrong 
> though.  I thought the AUTH_TYPE in pg_hba.conf was for transport only, 
> having nothing to do with the encryption used to encrypt passwords in 
> pg_shadow.  That does not appear to be the case as if you use md5 in 
> your pg_shadow and just "password" in your pg_hba.conf file you'll get 
> an error.
> 
> I'll keep digging.  I am confident that my libpg.so is correct as this 
> is a new installation of everything.
> 
> Thanks again for the feedback.
> 
>  
> Bruce Momjian wrote:
> 
> >Sorry, this seems impossible: libpq's PQsetdbLogin() doesn't allow MD5
> >passwords?  You shouldn't have to do anything special;  it should just
> >accept the password.PQconnectdb() has the same handling as
> >PQsetdbLogin().
> >
> >Is it possible your libpq version is older than 7.2.1?
> >
> >---------------------------------------------------------------------------
> >
> >Scott Dunbar wrote:
> >  
> >
> >>Hello,
> >>I'm pretty new to PostgreSQL in general and even newer to libpq.  I am 
> >>trying to get a C program working (the authpgsql module in courier-imap) 
> >>that uses PQsetdbLogin().  I've got 7.2.1 installed and running and have 
> >>had no problem accessing it via JDBC.  I have encrypted passwords in 
> >>pg_shadow and have "md5" set for the AUTH_TYPE in pg_hba.conf.  However, 
> >>when using PQsetdbLogin the only way I could get a login to work was to 
> >>use unencrypted passwords in pg_shadow and change pg_hba.conf to use 
> >>"password" instead of "md5" for the database I want access to through 
> >>authpgsql.
> >>
> >>Why is this?  Do I somehow have to md5 the clear text password before 
> >>calling PQsetdbLogin()?  Does PQconnectdb() handle this and I should 
> >>update the code?  I feel that the client code should be unaware of the 
> >>over the wire encryption method used and the encryption method of the 
> >>password in pg_shadow but I may be way off base on the underlying issue.
> >>
> >>Thanks in advance for any information.
> >>
> >>
> >>
> >>---------------------------(end of broadcast)---------------------------
> >>TIP 1: subscribe and unsubscribe commands go to majordomo(at)postgresql(dot)org
> >>
> >>    
> >>
> >
> >  
> >
> 
> 
> 
> 
> 

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

In response to

pgsql-interfaces by date

Next:From: Marc G. FournierDate: 2002-08-21 23:16:27
Subject: libpq++ and libpqxx moved to GBorg ...
Previous:From: Scott DunbarDate: 2002-08-21 20:55:30
Subject: Re: Newbie confused about pg_hba/md5 and password field

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group