Re: passwords and 7.3

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: gss+pg(at)cs(dot)brown(dot)edu
Cc: PostgreSQL general mailing list <pgsql-general(at)postgresql(dot)org>
Subject: Re: passwords and 7.3
Date: 2003-01-26 02:09:51
Message-ID: 200301260209.h0Q29pN23647@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Gregory Seidman wrote:
> Tom Lane sez:
> } Gregory Seidman <gss+pg(at)cs(dot)brown(dot)edu> writes:
> } > Tom Lane sez:
> } > } Secondary password files aren't supported anymore as of 7.3. If that's
> } > } not in the release notes, it's a serious oversight :-(
> }
> } > It certainly isn't mentioned in README or INSTALL. Anyhow, how do I take
> } > the existing external password file (which has encrypted passwords) and
> } > put it into the DB?
> }
> } I'm afraid you don't. The encryption method that was used in external
> } files was crypt(3), which we're migrating away from for various reasons,
> } chiefly lack of cross-platform portability. The encryption method
> } that's now supported in pg_shadow entries is MD5.
> }
> } I'd counsel issuing temporary new passwords to all your users and
> } advising them to change them to something of their own choice...
>
> Hmph. I'm not thrilled that the upgrade path here is a dead end. Since
> this particular installation is my own private install, I can (and have)
> put the passwords in plaintext in the pg_shadow table. In the general
> case, however, this disenfranchises anyone relying on the external
> password file to support external users.
>
> Incidentally, how do I make an md5 password? I assume the authentication
> method in pg_hba.conf has to be set to md5, but how do I encrypt the
> password to put in the passwd field in pg_shadow? Am I expected to have
> an md5 app on my system somewhere (I don't)? Is there a tool installed
> with postgresql (I don't see such a thing)?

It isn't mentioned in the MIGRATION section (bad), but is mentioned as
change in the HISTORY file:

Remove secondary password file capability and pg_password utility
(Bruce)

We honestly didn't think anyone was using that secondary password file
anymore. You are the first to report the problem.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Bruce Momjian 2003-01-26 02:11:54 Re: passwords and 7.3
Previous Message Bruce Momjian 2003-01-26 01:58:50 Re: reference to system table