Re: [HACKERS] User authentication bug?

From: Peter T Mount <peter(at)retep(dot)org(dot)uk>
To: M(dot)Boekhold(at)et(dot)tudelft(dot)nl
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [HACKERS] User authentication bug?
Date: 1998-08-01 08:18:42
Message-ID: Pine.LNX.3.96.980801091214.946A-100000@maidast.retep.org.uk
Lists: pgsql-hackers

On Fri, 31 Jul 1998, Maarten Boekhold wrote:

> Hi,
>
> I was having trouble with user authentication, so I submerged myself in
> the source (UTSL, i.e. Use The Source, Luke ;) to see if I could figure out
> what I was doing wrong:
>
> While using passwords stored in pg_shadow (pg_user), I cannot connect to
> the backend using the 'password' authentication, I can connect using 'crypt'.

Until recently it was working. I'm not sure when or how it became broken,
as I haven't had things working right since I upgraded the machine a
couple of weeks ago.

> Now, I found from the source that the routines that do crypt checking
> also seem to support plain passwords. But this code is never used,
> because apparently uaCrypt is never set for 'password', while my
> understanding is that this should be set when there is no password-file
> specified in pg_hba.conf.

That's right. I was looking through this part of the source when
implementing the authentication for JDBC. At that point it was going
through there.

It sounds like something higher up may be broken.

> Although cCheckPassword() seems to provide for this, it appears not to be
> working.
>
> Anybody know what's going on here? I intend to fire up a debugger here
> to see if I can figure out what's wrong, but thought asking first doesn't
> do any harm.
>
> btw. is there anywhere a good description on how control flows during
> this phase of connecting? It all looks very difficult, with lots of
> function pointers being passed around etc.
>
> Maarten
>
> _____________________________________________________________________________
> | TU Delft, The Netherlands, Faculty of Information Technology and Systems |
> | Department of Electrical Engineering |
> | Computer Architecture and Digital Technique section |
> | M(dot)Boekhold(at)et(dot)tudelft(dot)nl |
> -----------------------------------------------------------------------------
>
>

--
Peter T Mount peter(at)retep(dot)org(dot)uk or petermount(at)earthling(dot)net
Main Homepage: http://www.retep.org.uk
PostgreSQL JDBC Faq: http://www.retep.org.uk/postgres
