Skip site navigation (1) Skip section navigation (2)

Re: Manually authenticating users in pg_shadow

From: "William Harazim" <wharazim(at)fulcoinc(dot)com>
To: <pgsql-general(at)postgresql(dot)org>
Subject: Re: Manually authenticating users in pg_shadow
Date: 2004-01-28 01:46:10
Message-ID: A1CC9E8EDC33E74C84357A70D46C35C148CA01@barracuda.denville.fulcoinc.com (view raw or flat)
Thread:
Lists: pgsql-general
Ahh, the password || username format of the stored password was the problem. Incidentally, for anyone else not having the md5() function (is that new to 7.5dev?) I was able to accomplish the same thing using 
 
   'md5' || encode( digest(password || username, 'md5'), 'hex' )

Thanks!


-----Original Message-----
From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
Sent: Tuesday, January 27, 2004 7:55 PM
To: William Harazim
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] Manually authenticating users in pg_shadow 


"William Harazim" <wharazim(at)fulcoinc(dot)com> writes:
> Is there a way, having a user entered username and password, to select a si=
> ngle row from pg_shadow which is using md5 password encryption?

I think what you need to know is that the stored passwd field is formed
thus:

	'md5' || md5(password || username);

Substitute this for your crypt() call and you're set.  Don't think you
need the separate step to extract salt (you didn't need it before
either, really).

			regards, tom lane

Responses

pgsql-general by date

Next:From: Brendan JurdDate: 2004-01-28 01:48:26
Subject: Update Default (was: Touch row ?)
Previous:From: Jerome LylesDate: 2004-01-28 01:08:23
Subject: Re: Permission Problems:-)?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group