From: | Patrick Welche <prlw1(at)newn(dot)cam(dot)ac(dot)uk> |
---|---|
To: | pgsql-interfaces(at)postgresql(dot)org |
Subject: | Re: ODBC and crypted passwords |
Date: | 2000-04-10 09:36:13 |
Message-ID: | 20000410103613.D1005@quartz.newn.cam.ac.uk |
Lists: | pgsql-interfaces |

On Sun, Apr 09, 2000 at 04:22:58PM -0400, Alex Verstak wrote:
>
> Tom Lane wrote:
> > Hmm. Can we find a freely-distributable version of libcrypt anywhere?
> >
> > (Actually, now that I think about it, I'm not entirely sure that crypt()
> > implements exactly the same transformation on every Unix platform.
> > It may be that you have to have a version of crypt() that matches the
> > one on your server's platform. That would be a pain in the neck ...
> > but if we did find an open-source libcrypt, maybe we could standardize
> > on using it in preference to vendor crypts...)
>
> I have no problem running the PostgreSQL server on Solaris and
> using a FreeBSD client with crypt authentication. Both systems
> use DES. Problems arise when systems try to work around the US
> export restrictions and supply MD5 or other weak encryption.
>
> For the same reason, you cannot make strong authentication code
> available on your website. The best you can do is provide
> a pointer to some DES implementation outside the US and instruct
> users to download and use this one if their systems do not work
> together. Another alternative is to include MD5 in the distribution,
> but use the system crypt by default, with a configuration option
> to switch to MD5.

I wonder whether SASL http://asg.web.cmu.edu/sasl/ is worth considering.
AFAICT postgresql would say authenticate userid,password,mechanism, and
sasl replies yes or no, and different mechanisms seem to plug in reasonably
cleanly.

Cheers,

Patrick