Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

Thu, 21 Apr 2005 16:46:50 -0700 

pgman wrote:
> Stephen Frost wrote:
> -- Start of PGP signed section.
> > * Andrew Dunstan ([EMAIL PROTECTED]) wrote:
> > > The docs say: "only md5 supports encrypted passwords stored in 
> > > pg_shadow; the other two require unencrypted passwords to be stored 
> > > there."  So either your assertion that 'password' auth does not imply 
> > > plaintext password storage is wrong, or the docs are.
> > 
> > The docs are wrong.  Sorry, I knew that and forgot to mention it
> > explicitly previously.  Using 'password' in pg_hba.conf while using
> > 'with encrypted password'/md5 in pg_shadow works just fine.
> > 
> > Just tested here to make 100% sure, under 8.0.1.
> 
> I see the documentation is slightly confusing.  I have applied this
> patch to HEAD and 8.0.X to clarify it.

With the documentation text clarified, this patch fixes the actual
documentation problem that both 'password' and 'md5' supporte encrypted
pg_shadow passwords, while only crypt does not.  Applied to 8.0.X and
HEAD.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Index: doc/src/sgml/client-auth.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v
retrieving revision 1.75
diff -c -c -r1.75 client-auth.sgml
*** doc/src/sgml/client-auth.sgml       21 Apr 2005 22:19:19 -0000      1.75
--- doc/src/sgml/client-auth.sgml       21 Apr 2005 22:23:47 -0000
***************
*** 575,583 ****
      The password-based authentication methods are <literal>md5</>,
      <literal>crypt</>, and <literal>password</>. These methods operate
      similarly except for the way that the password is sent across the
!     connection.  However, only <literal>md5</> allows encrypted
!     passwords to be stored in <structname>pg_shadow</structname>;
!     the other two require unencrypted passwords to be stored there.
     </para>
  
     <para>
--- 575,582 ----
      The password-based authentication methods are <literal>md5</>,
      <literal>crypt</>, and <literal>password</>. These methods operate
      similarly except for the way that the password is sent across the
!     connection.  However, <literal>crypt</> does not allow encrypted
!     passwords to be stored in <structname>pg_shadow</structname>.
     </para>
  
     <para>

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Reply via email to