From: | Willy-Bas Loos <willybas(at)gmail(dot)com> |
---|---|
To: | Preston de Guise <preston(at)anywebdb(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Programming interfaces when using MD5 authentication |
Date: | 2009-10-02 10:22:35 |
Message-ID: | 1dd6057e0910020322m3f6968d3r66ac0343ac72d551@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hi,
I can only answer for the database part. This is on postgres 8.3.8.
The passwords can be checked against the table pg_shadow using this algorithm:
'md5'||md5(<password>||<username>)
HTH,
WBL
On Fri, Oct 2, 2009 at 1:48 AM, Preston de Guise <preston(at)anywebdb(dot)com> wrote:
> Hi,
>
> I apologise in advance if this is considered the wrong list to post onto. I
> couldn't find specific details for joining a DBD::Pg style mailing list so
> I'm hoping this is something that's relatively well known about by general
> PostgreSQL developers anyway.
>
> Using Perl to program interfaces to PostgreSQL, and had previously
> misunderstood how md5 password authentication worked, so I'm now re-doing
> it, but struggling to find out how DBD::Pg might be used to actually
> authenticate by passing an md5 of the password instead of the real thing.
>
> I understand from various reading that the md5 should be a double-process
> consisting of:
>
> phase1 = md5(password <concat> username)
> password_to_use = md5(phase1 <concat> salt)
>
> What I don't understand is how to "extract" the salt required to complete
> the second phase.
>
> Effectively what I'm hoping for is to be able to do something along the
> lines of:
>
> ---------------------------------------------------------------
> #!/usr/local/bin/perl -w
>
> use strict;
> use DBI;
> use Digest::MD5 qw(md5_hex);
> use DBD::Pg;
>
> my $user = "currentuser";
> my $pass = md5_hex("supersecretpassword" . $user);
>
> my $dbh = DBI->connect("dbi:Pg:dbname=monitoring","$user",$pass, {
> PrintError => 1 });
> if (defined($dbh)) {
> $dbh->disconnect();
> print "Successful\n";
> } else {
> print "Failed!!\n";
> }
> ---------------------------------------------------------------
>
> In the above, if I prepend "md5" to the $pass variable I obviously get what
> exactly matches the content of the pg_shadow table entry for the given user
> ... however, either way the connection isn't successful because (from what
> I've been able to discern) I actually need to submit:
>
> md5 <concat> md5($pass <concat> salt)
>
> Can DBD::Pg be used for these connections? If anyone has experience in this
> I'd much appreciate your thoughts or suggestions. (I realise the "connect"
> function is from DBI, but it seems to me that the use of the salt required
> to properly authenticate will be specific somehow to DBD::Pg usage.)
>
> Cheers,
>
> Preston.
>
> --
> Preston de Guise
> http://www.enterprisesystemsbackup.com
>
>
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>
--
"Patriotism is the conviction that your country is superior to all
others because you were born in it." -- George Bernard Shaw
From | Date | Subject | |
---|---|---|---|
Next Message | David Fetter | 2009-10-02 12:17:19 | Re: PGDay.EU 2009 - Call for lighting talks |
Previous Message | Hans-Juergen Schoenig | 2009-10-02 10:13:05 | Re: PGDay.EU 2009 - Call for lighting talks |