From: | Jim Mercer <jim(at)reptiles(dot)org> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Encrypting pg_shadow passwords |
Date: | 2001-06-26 04:01:03 |
Message-ID: | 20010626000103.J1599@reptiles.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Jun 25, 2001 at 11:48:32PM -0400, Bruce Momjian wrote:
> OK, I get you now. Why not ask the client to do a crypt and compare
> that to pg_shadow. It is better than what we have now for 'password'
> authentication because it encrypts pg_shadow.
>
> The big problem is that you can't do 'crypt' authentication once you
> encrypt pg_shadow, unless we do the double-encription thing, and I think
> it is a bigger win for them to use crypt-authentication than to encrypt
> pg_shadow.
my mods do not require encryption of pg_shadow, unless you want to use
my "password pg_shadow" extension. it is then the responsibility of the
dbadmin to do "CREATE USER username WITH PASSWORD '$1$xxxxxx';
(i have a unix_crypt(text, text) function i can put in contrib, as well
as samba_lm_crypt(text) and samba_nt_crypt(text) for anyone interested)
the current code (without my mods) requires the dbadmin to either play
the lottery and store all passwords in plain-text, or to manipulate
external password files, which causes all manner of issues with regards
to updating (changing) the passwords in the external files.
> The wire is clearly less secure than pg_shadow.
ah, you've not had a client rooted lately.
the wire is far more secure than many default OS installations.
i will not argue that the double-encryption stuff, and MD5 type stuff is
better.
however, forcing the dbadmin to store plain-text passwords in pg_shadow
is at best unwise.
giving them the option of my mods is a reasonable step towards allowing
them to avoid that one-stop-shopping facility for crackers, without breaking
any existing implementations for those who chose to walk what i consider
an unsafe path.
--
[ Jim Mercer jim(at)reptiles(dot)org +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]
From | Date | Subject | |
---|---|---|---|
Next Message | Jim Mercer | 2001-06-26 04:12:46 | Re: Encrypting pg_shadow passwords |
Previous Message | Bruce Momjian | 2001-06-26 04:00:35 | Re: Encrypting pg_shadow passwords |