
Re: Re: Encrypting pg_shadow passwords

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Jim Mercer <jim(at)reptiles(dot)org>, Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Re: Encrypting pg_shadow passwords
Date: 2001-06-26 15:27:51
Message-ID: 3252.993569271@sss.pgh.pa.us
Lists: pgsql-hackers

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> The only reason to add double-crypt is so we can continue to use
> /etc/passwd entries on systems that use crypt() in /etc/passwd.

In the long run, though, we want to drop crypt(3) usage entirely.
It's just too much of a pain in the neck to depend on the C library's
crypt(), for two reasons:

1. It's not in libc on all systems, leading to constant problems when
linking clients, particularly with shared libraries that have to have
a dependency on another shared library because of this.  (Search the
archives for problems about "can't find crypt".  There are many such
reports.)

2. crypt() isn't guaranteed compatible across platforms, meaning that
your clients may be unable to log in anyway.  See for example
http://fts.postgresql.org/db/mw/msg.html?mid=57516

Using our own MD5 (or whatever) code will avoid these problems.

			regards, tom lane
