Re: MD5 question?

al eker wrote:
>
>
> hi,
>
> I am a little confused on how md5 passwd hashes stored and used
> in PG. There was a discussion on this issue but it was more
> confusing for me. When I create a new user its passwd is stored
> as md5 hashes (I don't know if it related to hba_conf md5 line,
> is it??). My hba_conf requires md5 for all connections. And I
> can connect. Then I change a user's passwd by UPDATE pg_shadow
> set passwd blablabla SQL command to for example 'qwerty' without
> md5 hashing. Then I see the passwd in pg_shadow as clear text
> not md5. But I can still connect by using qwerty and md5
> connection. Here I am confused. When I use update ... is it
> stored as clear-text. If so, when I connect it with md5, is on
> the wire still md5. If so how PG tells clear-text from md5 on
> the server side?
>

You basically can store pg_shadow as MD5-encrypted passwords, or
plaintext. Both can pass MD5 across the wire.

pg_shadow encryptoin is controlled by the CREATE/ALTER USER ENCRYPTION
PASSWORD option, and in postgresql.conf using password_encryption.

In 7.2, plaintext was default, but in 7.3, encrypted is the default.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073