Re: Re: Proposal for encrypting pg_shadow passwords
От | Peter Eisentraut |
---|---|
Тема | Re: Re: Proposal for encrypting pg_shadow passwords |
Дата | |
Msg-id | Pine.LNX.4.30.0108161903120.677-100000@peter.localdomain обсуждение исходный текст |
Ответ на | Re: Re: Proposal for encrypting pg_shadow passwords (Bruce Momjian <pgman@candle.pha.pa.us>) |
Список | pgsql-patches |
Bruce Momjian writes: > OK, here is a new patch that creates a new md5 keyword on pg_hba.conf. > That certainly makes my coding easier, and when I apply the patch to use > larger salt for MD5, there is now a good reason to have a different > keyword. With the old system, they could have used an old client to > reply a sniffed packet, while now, if the host is set to MD5, they have > a much larger namespace with no fallback to crypt. I don't follow this argument. You added a config option that toggles whether to use the old crypt(3) method or the new md5 method. If the old method is enabled then everything works as until now. If the new method is enabled, old clients will fail smoothly. I don't see why you need to introduce a new authentication type token; I thought the idea was to allow this to work transparently. -- Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
В списке pgsql-patches по дате отправления: