Re: wrong password accepted

On Fri, Aug 29, 2003 at 02:22:07PM +0100, Sam Barnett-Cormack wrote:
>
> On Fri, 29 Aug 2003, Raphael Bauduin wrote:
>
> > Hi,
> >
> > this is a strange situation I just discovered on a postgresql
> > 7.2.1-2woody2 (Debian as you can see...). I use pg_hba to specify
> > password ahtentications for clients. HEre's the line:
> > host         all         127.0.0.1    255.255.255.0       password  pass-file
> >
> > I just discovered that when I use the correct password to whach I append
> > text, it is accepted (though this is not correct...)
> > For example, if my password is postgres, the following will also be
> > accepted: postgresql, postgresblabla, postgres2 ...... but it will
> > reject postgrex eg.
>
> If the password mechanism uses standard crypt() passwords, then only the
> first eight letters count. It just happens that postgres is eight
> letters long.
>
> This has been a public service educated guess.

It seems this was a good guess. Thanks for this simple and efficient
answer! :-)

Raph