| From: | Jim Mercer <jim(at)reptiles(dot)org> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Encrypting pg_shadow passwords |
| Date: | 2001-06-15 21:42:22 |
| Message-ID: | 20010615174221.G15040@reptiles.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > In a release or three we could discontinue support for old-style crypt,
> > but I think we must allow a transition period for people to update their
> > clients.
>
> Yes, MD5 is something that probably should be done at the same time to
> minimize disruption.
while we are on the subject of auth and password and crypt, i noticed some
time ago, that there was an inconsistency in the way the auth passwd/crypt
stuff worked.
we have:
host dbname x.x.x.x x.x.x.x password somefile
this method takes a clear-text password from the client, encrypts it
and compares it against the matching second field of "somefile"
ie. somefile is a traditional /etc/passwd style file
i like to think of this as "telnet" authentication, user/passwd in clear text.
server stores pre-encrypted passwords.
and i use it for access from my php scripts, thus avoiding the necessity of
giving "webuser" access to my tables, and setting up some kinda secondary
authentication table.
the docs in pg_hba.conf lead you to believe that if you leave off "somefile",
then it does the same thing, but compares against pg_shadow.
however, and i don't know that this was intentional, but if you leave
"somefile" off, it compares the plain-text user password against the raw
value of the pg_shadow passwd field.
i wanted a behaviour as above, encrypt the clear text, and compare against
the stored pre-encrypted password in pg_shadow.
given that there are many installations which may be using things as they
are, i have created a set of patches which do:
host dbname x.x.x.x x.x.x.x password pg_shadow
(pg_shadow is a "reserved word, similar to the way "sameuser" is used with
ident)
this method takes a clear-text password from the client, encrypts it
and compares it against the password stored in pg_shadow.
this method should not conflict with anyone, except those who actually
want to use a /usr/local/pgsql/data/pg_shadow as their passwd file.
(i seem to recall previous versions actually stored the user data in
that specific file, although it was not in /etc/passwd format)
in my opinion, this method allows you to have pgusers which are wholy
seperate from /etc/passwd users. and allows you to manage them entirely
within postgresql.
you can have a front end which does a
CREATE USER joe WITH PASSWORD 'crypto-gunge';
[ patch attached ]
--
[ Jim Mercer jim(at)reptiles(dot)org +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2001-06-15 21:47:21 | Re: Encrypting pg_shadow passwords |
| Previous Message | Tom Lane | 2001-06-15 20:04:50 | Re: postgres dies while doing vacuum analyze |