pgman wrote: > Stephen Frost wrote: > -- Start of PGP signed section. > > * Andrew Dunstan ([EMAIL PROTECTED]) wrote: > > > The docs say: "only md5 supports encrypted passwords stored in > > > pg_shadow; the other two require unencrypted passwords to be stored > > > there." So either your assertion that 'password' auth does not imply > > > plaintext password storage is wrong, or the docs are. > > > > The docs are wrong. Sorry, I knew that and forgot to mention it > > explicitly previously. Using 'password' in pg_hba.conf while using > > 'with encrypted password'/md5 in pg_shadow works just fine. > > > > Just tested here to make 100% sure, under 8.0.1. > > I see the documentation is slightly confusing. I have applied this > patch to HEAD and 8.0.X to clarify it.
With the documentation text clarified, this patch fixes the actual documentation problem that both 'password' and 'md5' supporte encrypted pg_shadow passwords, while only crypt does not. Applied to 8.0.X and HEAD. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
Index: doc/src/sgml/client-auth.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v retrieving revision 1.75 diff -c -c -r1.75 client-auth.sgml *** doc/src/sgml/client-auth.sgml 21 Apr 2005 22:19:19 -0000 1.75 --- doc/src/sgml/client-auth.sgml 21 Apr 2005 22:23:47 -0000 *************** *** 575,583 **** The password-based authentication methods are <literal>md5</>, <literal>crypt</>, and <literal>password</>. These methods operate similarly except for the way that the password is sent across the ! connection. However, only <literal>md5</> allows encrypted ! passwords to be stored in <structname>pg_shadow</structname>; ! the other two require unencrypted passwords to be stored there. </para> <para> --- 575,582 ---- The password-based authentication methods are <literal>md5</>, <literal>crypt</>, and <literal>password</>. These methods operate similarly except for the way that the password is sent across the ! connection. However, <literal>crypt</> does not allow encrypted ! passwords to be stored in <structname>pg_shadow</structname>. </para> <para>
---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings