Re: [GENERAL] pg_hba.conf and crypt/password

Sat, 31 Mar 2001 07:43:56 -0800 

On Sat, Mar 31, 2001 at 10:31:36AM +0200, Peter Eisentraut wrote:
> > what i want is for the pg_shadow file to contain encrypted passwords like
> > /etc/passwd, and for the server to encrypt the plain text password handed
> > to it and compare with the crypto-gunge in pg_shadow.
> 
> This is not possible.

i had a look at the code, and figured i wanted similar behaviour for:

host all 127.0.0.1 255.255.255.255 password /dir/passwd.file

but, rather than have a file, i wanted to use pg_shadow with encrypted
passwords.

so the following patch allows for:

host all 127.0.0.1 255.255.255.255 password pg_shadow

where "pg_shadow" is a special key (like "ident sameuser") to set up this
behaviour.

the patch is done in such a way that it will not impact existing installations

-- 
[ Jim Mercer          [EMAIL PROTECTED] ]
[          Reptilian Research -- Longer Life through Colder Blood          ]
[ aka                        [EMAIL PROTECTED]              +1 416 410-5633 ]


*** auth.c.orig Fri Mar 30 19:37:08 2001
--- auth.c      Fri Mar 30 19:28:20 2001
***************
*** 695,701 ****
  static int
  checkPassword(Port *port, char *user, char *password)
  {
!       if (port->auth_method == uaPassword && port->auth_arg[0] != '\0')
                return verify_password(port->auth_arg, user, password);
  
        return crypt_verify(port, user, password);
--- 695,702 ----
  static int
  checkPassword(Port *port, char *user, char *password)
  {
!       if (port->auth_method == uaPassword && port->auth_arg[0] != '\0'
!                       && strcmp(port->auth_arg, "pg_shadow") != 0)
                return verify_password(port->auth_arg, user, password);
  
        return crypt_verify(port, user, password);
*** crypt.c.orig        Fri Mar 30 19:38:26 2001
--- crypt.c     Fri Mar 30 19:39:07 2001
***************
*** 280,287 ****
         * authentication method being used for this connection.
         */
  
!       crypt_pwd =
!               (port->auth_method == uaCrypt ? crypt(passwd, port->salt) : passwd);
  
        if (!strcmp(pgpass, crypt_pwd))
        {
--- 280,294 ----
         * authentication method being used for this connection.
         */
  
!       if (port->auth_method == uaCrypt)
!               crypt_pwd = crypt(passwd, port->salt);
!       else
!       {
!               /* if port->auth_arg, encrypt password from client before compare */
!               if (port->auth_arg[0] != 0)
!                       pgpass = crypt(pgpass, passwd);
!               crypt_pwd = passwd;
!       }
  
        if (!strcmp(pgpass, crypt_pwd))
        {

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
    (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])

Reply via email to