| From: | Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com> |
|---|---|
| To: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: md5_password_warnings for password auth with MD5-encrypted passwords |
| Date: | 2026-06-23 02:44:16 |
| Message-ID: | B4224E6E-5A93-435C-808E-FCB940492028@gmail.com |
| Lists: | pgsql-hackers |
> On Jun 23, 2026, at 09:39, Fujii Masao <masao(dot)fujii(at)gmail(dot)com> wrote:
>
> Hi,
>
> While testing md5_password_warnings, I noticed that authentication
> with an MD5-encrypted password emits the expected warning when the HBA
> method is md5, but not when it is password.
>
> Was this intentional, or just an oversight?
>
> I couldn't find any discussion about this, so I put together the
> attached patch. It updates the authentication code to emit the same
> MD5 deprecation connection warning after successful password
> authentication when the stored password is MD5-encrypted.
>
> Thoughts?
>
> Regards,
>
> --
> Fujii Masao
> <v1-0001-Warn-on-password-auth-with-MD5-encrypted-password.patch>

Given that the original warning emission was in md5_crypt_verify(), I think it might be a bit better to keep the two private helpers in crypt.c and add the warning emission in plain_crypt_verify(), because that function has already determined the password type and authentication result.

Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/