Skip site navigation (1) Skip section navigation (2)

Re: pgAdmin III 1.6.2 sends plaintext password

From: "Andy Shellam (Mailing Lists)" <andy(dot)shellam-lists(at)mailnetwork(dot)co(dot)uk>
To: patrimith <paddysmith(at)gmail(dot)com>
Cc: pgadmin-support(at)postgresql(dot)org
Subject: Re: pgAdmin III 1.6.2 sends plaintext password
Date: 2007-02-15 21:39:55
Message-ID: 45D4D32B.5090105@mailnetwork.co.uk (view raw or flat)
Thread:
Lists: pgadmin-support
patrimith wrote:
> Andy Shellam (Mailing Lists) wrote:
>   
>> What is the value of "password_encryption" in your PostgreSQL server's 
>> postgresql.conf file?
>>
>> [root(at)byron ~]# cat /endeavour/dbstore/postgresql.conf|grep 
>> 'password_encryption'
>> password_encryption = on
>> [root(at)byron ~]#
>>
>>     
>
> That's the value in my PostgreSQL server's postgresql.conf.
>
> Are you saying that pgAdmin knows the password_encryption setting for the
> server?
>   

I'm not sure, but I'd hazard a guess it's the underlying libpq library 
that during the handshake works out which authentication scheme to use.
How was your user created?  When you add a new login role, it stores the 
encrypted password in the login profile:

CREATE ROLE test LOGIN ENCRYPTED PASSWORD 
'md505a671c66aefea124cc08b76ea6d30bb'
  NOINHERIT
   VALID UNTIL 'infinity';

If the value of password_encryption was set to off when the user was 
created, I'd guess it would create it with a plain-text password (not 
100% sure.)

> I'd like to be able to connect using both plaintext and md5-encrypted
> passwords to the same server depending on the environment in which the
> client lives.
>   

Create a different line in pg_hba.conf for each host environment 
(network IP range), using the relevant "password" or "md5" keyword.

Andy.

In response to

pgadmin-support by date

Next:From: Milen A. RadevDate: 2007-02-15 21:59:21
Subject: Re: fe_sendsuth: no password supplied
Previous:From: patrimithDate: 2007-02-15 21:32:09
Subject: Re: pgAdmin III 1.6.2 sends plaintext password

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group