Programming interfaces when using MD5 authentication

From: Preston de Guise <preston(at)anywebdb(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Programming interfaces when using MD5 authentication
Date: 2009-10-01 23:48:50
Message-ID: 55A9AC39-004B-4EFB-9D6C-60555CDC33AD@anywebdb.com
Lists: pgsql-general

Hi,

I apologise in advance if this is considered the wrong list to post
onto. I couldn't find specific details for joining a DBD::Pg style
mailing list so I'm hoping this is something that's relatively well
known about by general PostgreSQL developers anyway.

Using Perl to program interfaces to PostgreSQL, and had previously
misunderstood how md5 password authentication worked, so I'm now
re-doing it, but struggling to find out how DBD::Pg might be used to
actually authenticate by passing an md5 of the password instead of the
real thing.

I understand from various reading that the md5 should be a
double-process consisting of:

phase1 = md5(password <concat> username)
password_to_use = md5(phase1 <concat> salt)

What I don't understand is how to "extract" the salt required to
complete the second phase.

Effectively what I'm hoping for is to be able to do something along
the lines of:

---------------------------------------------------------------
#!/usr/local/bin/perl -w

use strict;
use DBI;
use Digest::MD5 qw(md5_hex);
use DBD::Pg;

my $user = "currentuser";
my $pass = md5_hex("supersecretpassword" . $user);

my $dbh = DBI->connect("dbi:Pg:dbname=monitoring","$user",$pass,
                       { PrintError => 1 });
if (defined($dbh)) {
    $dbh->disconnect();
    print "Successful\n";
} else {
    print "Failed!!\n";
}
---------------------------------------------------------------

In the above, if I prepend "md5" to the $pass variable I obviously get
what exactly matches the content of the pg_shadow table entry for the
given user ... however, either way the connection isn't successful
because (from what I've been able to discern) I actually need to submit:

md5 <concat> md5($pass <concat> salt)

Can DBD::Pg be used for these connections? If anyone has experience in
this I'd much appreciate your thoughts or suggestions. (I realise the
"connect" function is from DBI, but it seems to me that the use of the
salt required to properly authenticate will be specific somehow to
DBD::Pg usage.)

Cheers,

Preston.

--
Preston de Guise
http://www.enterprisesystemsbackup.com
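
Added example, not part of the original message: in the PostgreSQL wire protocol the salt is four bytes the server sends in its AuthenticationMD5Password request, and libpq (which DBD::Pg is built on) computes the salted response itself, so DBI->connect is given the plain-text password. The sketch below walks through that exchange by hand; the function names and the salt bytes are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Parse an AuthenticationMD5Password message: 'R', Int32 length (12),
# Int32 auth code (5), then the 4-byte salt chosen by the server.
sub parse_md5_auth_request {
    my ($msg) = @_;
    die "short message\n" unless length($msg) >= 13;
    my ($type, $len, $code, $salt) = unpack('a1 N N a4', $msg);
    die "not an authentication request\n" unless $type eq 'R';
    die "not an MD5 password request\n"   unless $len == 12 && $code == 5;
    return $salt;
}

# phase1 is the hex digest stored (with an "md5" prefix) in pg_shadow;
# the value sent on the wire is a second MD5 over phase1 and the salt.
sub md5_auth_response {
    my ($user, $password, $salt) = @_;
    my $phase1 = md5_hex($password . $user);
    return 'md5' . md5_hex($phase1 . $salt);
}

# Build the PasswordMessage the client sends back: 'p', Int32 length
# (counting itself, the string and its NUL terminator), then the string.
sub password_message {
    my ($response) = @_;
    return pack('a1 N Z*', 'p', 4 + length($response) + 1, $response);
}

# Constructed sample: a server request carrying the salt bytes 01 02 03 04.
my $request  = pack('a1 N N a4', 'R', 12, 5, "\x01\x02\x03\x04");
my $salt     = parse_md5_auth_request($request);
my $response = md5_auth_response('currentuser', 'supersecretpassword', $salt);
my $reply    = password_message($response);

printf "salt     : %s\n", unpack('H*', $salt);
printf "response : %s\n", $response;
printf "reply    : %d bytes, type '%s'\n", length($reply), substr($reply, 0, 1);
```

The server picks a fresh salt for each connection attempt, so the response cannot be computed ahead of time and handed to connect() as the password.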
