Tom Lane wrote:
> Gregory Seidman <gss+pg@cs.brown.edu> writes:
> > Incidentally, how do I make an md5 password? I assume the authentication
> > method in pg_hba.conf has to be set to md5, but how do I encrypt the
> > password to put in the passwd field in pg_shadow?
>
> The system does it for you, if you specify ENCRYPTED in the CREATE or
> ALTER USER command that sets the password. There is also a
> postgresql.conf option that makes ENCRYPTED the default behavior of
> these commands --- which we did not turn on for 7.3, but it will be on
> by default for 7.4, IIRC.
It was not enabled in 7.2 but _was_ enabled in 7.3, so if you just
create the user and specify the clear-text password, you will get it
stored MD5 encrypted in the database. The only way to store it
plaintext is to specify UNENCRYPTED.
> As of current sources, an MD5-stored password can be used with either
> password or md5 auth protocol --- but AFAICS the only reason you'd want
> to use password (cleartext) protocol would be backwards compatibility
> with ancient client libraries. (Due to an oversight, 7.3 release
> required you to use md5 protocol with an md5 password; this is fixed for
> 7.3.2, but I don't recall whether it got into 7.3.1 or not.)
Fixed in 7.3.1.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073