Re: Encrypting pg_shadow passwords

Поиск
Список
Период
Сортировка
От Lincoln Yeoh
Тема Re: Encrypting pg_shadow passwords
Дата
Msg-id 3.0.5.32.20010625143451.00841620@192.228.128.13
обсуждение исходный текст
Ответ на Re: Encrypting pg_shadow passwords  (Jim Mercer <jim@reptiles.org>)
Ответы Re: Encrypting pg_shadow passwords  (Jim Mercer <jim@reptiles.org>)
Re: Encrypting pg_shadow passwords  (Bruce Momjian <pgman@candle.pha.pa.us>)
Список pgsql-hackers
Дерево обсуждения 
At 12:51 AM 26-06-2001 -0400, Jim Mercer wrote:

>my mods are server-side only.
>
>to rewind a bit.
>
>my mods correct this by doing:
>
>with an AUTH_ARGUMENT == "pg_shadow", the process is:
>tmp_pwd = crypt(client->passwd, pg_shadow->passwd)
>if strcmp(tmp_pwd, pg_shadow->passwd) == 0
>   access allowed
>else
>   access not allowed
>
>this is not so much an enhancement, but a correction of what i think the
>original "password" authentication scheme was supposed to allow.
>

Yep it's a correction. pg_shadow shouldn't have been in plaintext in the
first place.
host all 127.0.0.1 255.255.255.255 password 
should have meant check crypted passwords in pg_shadow.

Given your suggestion, what happens when someone does an ALTER USER ...
WITH PASSWORD ....? 

Might it be too late to do a fix? 

HMAC sounds interesting. What would the impact be on stuff like Pg DBD?

Cheerio,
Link.

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Lincoln Yeoh
Дата:
Сообщение: Re: Encrypting pg_shadow passwords
Следующее
От: Tatsuo Ishii
Дата:
Сообщение: Re: stuck spin lock with many concurrent users