Re: Encrypting pg_shadow passwords

From: Jim Mercer <jim(at)reptiles(dot)org>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Encrypting pg_shadow passwords
Date: 2001-06-26 04:51:21
Message-ID: 20010626005120.N1599@reptiles.org
Lists: pgsql-hackers

On Tue, Jun 26, 2001 at 12:36:43AM -0400, Bruce Momjian wrote:
> > > The big problem is that when we make a change we have to also talk to
> > > old clients so you would have a pretty complex setup to have 'password'
> > > encryption passing the same crypt over the wire all the time. If not,
> > > why not use 'crypt' authentication.
> >
> > i don't understand the objection to my mods.
> >
> > crypt authentication requires plain-text passwords stored in pg_shadow.
> >
> > my stand is that this is not a good idea.
> >
> > my mods in no way break any existing code, and add another variant on the
> > existing auth schemes.
> >
> > i think that any evolution of the auth schemes should deprecate the older
> > methods, but that backwards compatibility needs to be maintained, even
> > if the code is disabled by default, and needs a --enable to turn it back on.
>
> OK, your mods are going to have to propagate to all clients. Older
> clients can't use this scheme,

my mods are server-side only.

to rewind a bit.

the existing implementation of:

host dbname ipaddr netmask password

says:

# password: Authentication is done by matching a password supplied
# in clear by the host. If AUTH_ARGUMENT is specified then
# the password is compared with the user's entry in that
# file (in the $PGDATA directory). These per-host password
# files can be maintained with the pg_passwd(1) utility.
# If no AUTH_ARGUMENT appears then the password is compared
# with the user's entry in the pg_shadow table.

this description is a tad misleading.

with an AUTH_ARGUMENT, the process is:

    tmp_pwd = crypt(client->passwd, AUTH_ARGUMENT->passwd)
    if strcmp(tmp_pwd, AUTH_ARGUMENT->passwd) == 0
        access allowed
    else
        access not allowed

without an AUTH_ARGUMENT, the process is:

    if strcmp(client->passwd, pg_shadow->passwd) == 0
        access allowed
    else
        access not allowed

my mods correct this by doing:

with an AUTH_ARGUMENT == "pg_shadow", the process is:

    tmp_pwd = crypt(client->passwd, pg_shadow->passwd)
    if strcmp(tmp_pwd, pg_shadow->passwd) == 0
        access allowed
    else
        access not allowed

this is not so much an enhancement, but a correction of what i think the
original "password" authentication scheme was supposed to allow.

> and once we have double-encryption, what advantage does this have?

once we have it, cool. as long as the passwords are not stored plain-text.

--
[ Jim Mercer jim(at)reptiles(dot)org +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]
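The three "password" checks Jim lays out above, as an added illustration that is not PostgreSQL code or anything from this thread. crypt(3) is replaced by a stand-in hash (FNV-1a, so the block builds without libcrypt) that keeps crypt's salt-prefix contract; the function names, the 2-character salt "ab" and the argument layout are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for crypt(3) (FNV-1a, not DES). Keeps crypt's contract: the salt is
 * the 2-char prefix of the stored string, so crypt(key, stored) == stored iff key matches. */
static const char *toy_crypt(const char *key, const char *salt)
{
    static char out[19];                              /* "ss" + 16 hex digits + NUL */
    unsigned long long h = 1469598103934665603ULL;    /* FNV-1a offset basis */
    for (int i = 0; i < 2 && salt[i]; i++) { h ^= (unsigned char)salt[i]; h *= 1099511628211ULL; }
    for (; *key; key++)                     { h ^= (unsigned char)*key;    h *= 1099511628211ULL; }
    snprintf(out, sizeof out, "%.2s%016llx", salt, h);
    return out;
}

/* The pg_hba "password" check as the mail describes it. auth_argument is the optional
 * AUTH_ARGUMENT column; file_entry / shadow_entry are the user's stored values. */
static int auth_password(const char *client_pwd, const char *auth_argument,
                         const char *shadow_entry, const char *file_entry)
{
    if (auth_argument == NULL)                        /* original: cleartext strcmp */
        return strcmp(client_pwd, shadow_entry) == 0;
    if (strcmp(auth_argument, "pg_shadow") == 0)      /* Jim's mod: crypt vs pg_shadow */
        return strcmp(toy_crypt(client_pwd, shadow_entry), shadow_entry) == 0;
    return strcmp(toy_crypt(client_pwd, file_entry), file_entry) == 0;   /* per-host file */
}

/* Store set_pwd the way pg_shadow would hold it under the mod, then try try_pwd. */
static int mod_path_accepts(const char *set_pwd, const char *try_pwd)
{
    char stored[32];
    strcpy(stored, toy_crypt(set_pwd, "ab"));        /* salt "ab" is assumed */
    return auth_password(try_pwd, "pg_shadow", stored, NULL);
}

/* Original path against a hashed row: no cleartext is stored, so strcmp cannot match it. */
static int plain_path_accepts_hashed(const char *set_pwd, const char *try_pwd)
{
    char stored[32];
    strcpy(stored, toy_crypt(set_pwd, "ab"));
    return auth_password(try_pwd, NULL, stored, NULL);
}

int main(void)
{
    printf("mod, right pwd: %d  mod, wrong pwd: %d  old path, hashed row: %d\n",
           mod_path_accepts("secret", "secret"), mod_path_accepts("secret", "Secret"),
           plain_path_accepts_hashed("secret", "secret"));
    return 0;
}
```

The last result is the compatibility point of the thread: once pg_shadow holds crypt output, the original cleartext compare can no longer succeed, so the server must know which form the column holds.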
