Re: [GENERAL] db_user_namespace, md5 and changing passwords

Bruce Momjian wrote:
> Magnus Hagander wrote:
>>> I have developed the attached patch, which documents the inability to
>>> use MD5 with db_user_namespace, and throws an error when it is used:
>>>
>>> psql: FATAL: MD5 authentication is not supported when "db_user_namespace" is enabled
>> IMHO it would be much nicer to detect this when we load pg_hba.conf.
>> It's easy to do these days :-P
>>
>> I don't think we need to worry about the "changed postgresql.conf after
>> we changed pg_hba.conf" that much, because we'll always reload
>> pg_hba.conf after the main config file.
>>
>> I'd still leave the runtime check in as well to handle the "loaded one
>> but not the other" case, but let's try prevent the user from loading the
>> broken config file in the first place..
>
> [ Thread moved to hackers. ]
>
> OK, updated patch attached.
>
>
Looks a lot better.

I am unsure of exactly where this thing hacks into the authentication
stream, but is it really only MD5 that fails?

AFAICS, we rewrite what the user puts into the system *before* we do the
authentication. Which I think would break all authentication *except*
password (without md5) and trust, more or less.

//Magnus