Re: passwords and 7.3

Tom Lane wrote:
> Gregory Seidman <gss+pg(at)cs(dot)brown(dot)edu> writes:
> > Incidentally, how do I make an md5 password? I assume the authentication
> > method in pg_hba.conf has to be set to md5, but how do I encrypt the
> > password to put in the passwd field in pg_shadow?
>
> The system does it for you, if you specify ENCRYPTED in the CREATE or
> ALTER USER command that sets the password. There is also a
> postgresql.conf option that makes ENCRYPTED the default behavior of
> these commands --- which we did not turn on for 7.3, but it will be on
> by default for 7.4, IIRC.

It was not enabled in 7.2 but _was_ enabled in 7.3, so if you just
create the user and specify the clear-text password, you will get it
stored MD5 encrypted in the database. The only way to store it
plaintext is to specify UNENCRYPTED.

> As of current sources, an MD5-stored password can be used with either
> password or md5 auth protocol --- but AFAICS the only reason you'd want
> to use password (cleartext) protocol would be backwards compatibility
> with ancient client libraries. (Due to an oversight, 7.3 release
> required you to use md5 protocol with an md5 password; this is fixed for
> 7.3.2, but I don't recall whether it got into 7.3.1 or not.)

Fixed in 7.3.1.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073