pgman(at)candle(dot)pha(dot)pa(dot)us (Bruce Momjian) writes:
: OK, I get you now. Why not ask the client to do a crypt and compare
: that to pg_shadow. [...]
You can't trust the client to do the one-way encryption, for then the
encrypted password becomes plaintext-equivalent. (The SMB protocol
apparently suffers or suffered from a similar flaw.)
- FChE