| From: | Japin Li <japinli(at)hotmail(dot)com> |
|---|---|
| To: | Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com> |
| Cc: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: md5_password_warnings for password auth with MD5-encrypted passwords |
| Date: | 2026-06-23 03:17:31 |
| Message-ID: | SY7PR01MB109214A3ABC6898416F1DA11BB6EE2@SY7PR01MB10921.ausprd01.prod.outlook.com |
| Lists: | pgsql-hackers |
On Tue, 23 Jun 2026 at 10:44, Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com> wrote:
>> On Jun 23, 2026, at 09:39, Fujii Masao <masao(dot)fujii(at)gmail(dot)com> wrote:
>>
>> Hi,
>>
>> While testing md5_password_warnings, I noticed that authentication
>> with an MD5-encrypted password emits the expected warning when the HBA
>> method is md5, but not when it is password.
>>
>> Was this intentional, or just an oversight?
>>
>> I couldn't find any discussion about this, so I put together the
>> attached patch. It updates the authentication code to emit the same
>> MD5 deprecation connection warning after successful password
>> authentication when the stored password is MD5-encrypted.
>>
>> Thoughts?
>>
>> Regards,
>>
>> --
>> Fujii Masao
>> <v1-0001-Warn-on-password-auth-with-MD5-encrypted-password.patch>
>
> Given that the original warning emission was in md5_crypt_verify(), I
> think it might be a bit better to keep the two private helpers in
> crypt.c and add the warning emission in plain_crypt_verify(), because
> that function has already determined the password type and
> authentication result.
>
+1
Placing it in plain_crypt_verify() leverages the already-determined type and
result, while keeping the helpers internal to crypt.c is cleaner.
> Best regards,
> --
> Chao Li (Evan)
> HighGo Software Co., Ltd.
> https://www.highgo.com/
--
Regards,
Japin Li
ChengDu WenWu Information Technology Co., Ltd.