RE: ODBC and crypted passwords

I did say this some time ago when someone asked about implementing
crypt() in the ODBC driver, the JDBC driver implements crypt() itself
(based on some code I found in Australia, getting round the export
problems).

As for the transformation being different on a few/every Unix platform,
no one has emailed me saying that crypt doesn't work, and I've heared of
people using JDBC with backends on Solaris, Linux, and some must be
using others...

Peter

--
Peter Mount
Enterprise Support
Maidstone Borough Council
Any views stated are my own, and not those of Maidstone Borough Council.

-----Original Message-----
From: Alex Verstak [mailto:averstak(at)vt(dot)edu]
Sent: Sunday, April 09, 2000 9:23 PM
To: pgsql-interfaces(at)postgresql(dot)org
Subject: Re: [INTERFACES] ODBC and crypted passwords

Tom Lane wrote:
> Hmm. Can we find a freely-distributable version of libcrypt anywhere?
>
> (Actually, now that I think about it, I'm not entirely sure that
crypt()
> implements exactly the same transformation on every Unix platform.
> It may be that you have to have a version of crypt() that matches the
> one on your server's platform. That would be a pain in the neck ...
> but if we did find an open-source libcrypt, maybe we could standardize
> on using it in preference to vendor crypts...)

I have no problem running the PostgreSQL server on Solaris and
using a FreeBSD client with crypt authentication. Both systems
use DES. Problems arise when systems try to work around the US
export restrictions and supply MD5 or other weak encryption.

For the same reason, you cannot make strong authentication code
available on your website. The best you can do is provide
a pointer to some DES implementation outside the US and instruct
users to download and use this one if their systems do not work
together. Another alternative is to include MD5 in the distribution,
but use the system crypt by default, with a configuration option
to switch to MD5.

=alex