Skip site navigation (1) Skip section navigation (2)

Re: Manually authenticating users in pg_shadow

From: "William Harazim" <wharazim(at)fulcoinc(dot)com>
To: <pgsql-general(at)postgresql(dot)org>
Subject: Re: Manually authenticating users in pg_shadow
Date: 2004-01-28 01:46:10
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-general
Ahh, the password || username format of the stored password was the problem. Incidentally, for anyone else not having the md5() function (is that new to 7.5dev?) I was able to accomplish the same thing using 
   'md5' || encode( digest(password || username, 'md5'), 'hex' )


-----Original Message-----
From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
Sent: Tuesday, January 27, 2004 7:55 PM
To: William Harazim
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] Manually authenticating users in pg_shadow 

"William Harazim" <wharazim(at)fulcoinc(dot)com> writes:
> Is there a way, having a user entered username and password, to select a si=
> ngle row from pg_shadow which is using md5 password encryption?

I think what you need to know is that the stored passwd field is formed

	'md5' || md5(password || username);

Substitute this for your crypt() call and you're set.  Don't think you
need the separate step to extract salt (you didn't need it before
either, really).

			regards, tom lane


pgsql-general by date

Next:From: Brendan JurdDate: 2004-01-28 01:48:26
Subject: Update Default (was: Touch row ?)
Previous:From: Jerome LylesDate: 2004-01-28 01:08:23
Subject: Re: Permission Problems:-)?

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group