| From: | "Alex Verstak" <averstak(at)vt(dot)edu> |
|---|---|
| To: | pgsql-interfaces(at)postgresql(dot)org |
| Subject: | Re: ODBC and crypted passwords |
| Date: | 2000-04-09 20:22:58 |
| Message-ID: | 200004092022.QAA09151@averstak.campus.vt.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-interfaces |
Tom Lane wrote:
> Hmm. Can we find a freely-distributable version of libcrypt anywhere?
>
> (Actually, now that I think about it, I'm not entirely sure that crypt()
> implements exactly the same transformation on every Unix platform.
> It may be that you have to have a version of crypt() that matches the
> one on your server's platform. That would be a pain in the neck ...
> but if we did find an open-source libcrypt, maybe we could standardize
> on using it in preference to vendor crypts...)
I have no problem running the PostgreSQL server on Solaris and
using a FreeBSD client with crypt authentication. Both systems
use DES. Problems arise when systems try to work around the US
export restrictions and supply MD5 or other weak encryption.
For the same reason, you cannot make strong authentication code
available on your website. The best you can do is provide
a pointer to some DES implementation outside the US and instruct
users to download and use this one if their systems do not work
together. Another alternative is to include MD5 in the distribution,
but use the system crypt by default, with a configuration option
to switch to MD5.
=alex
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Davies | 2000-04-09 22:57:47 | Re: ODBC and crypted passwords |
| Previous Message | Tom Lane | 2000-04-09 17:31:10 | Re: ODBC and crypted passwords |