| From: | Jim Mercer <jim(at)reptiles(dot)org> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-general(at)postgreSQL(dot)org |
| Subject: | Re: pg_hba.conf and crypt/password |
| Date: | 2001-03-31 15:57:27 |
| Message-ID: | 20010331105727.C17851@reptiles.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Sat, Mar 31, 2001 at 10:31:36AM +0200, Peter Eisentraut wrote:
> > what i want is for the pg_shadow file to contain encrypted passwords like
> > /etc/passwd, and for the server to encrypt the plain text password handed
> > to it and compare with the crypto-gunge in pg_shadow.
>
> This is not possible.
i had a look at the code, and figured i wanted similar behaviour for:
host all 127.0.0.1 255.255.255.255 password /dir/passwd.file
but, rather than have a file, i wanted to use pg_shadow with encrypted
passwords.
so the following patch allows for:
host all 127.0.0.1 255.255.255.255 password pg_shadow
where "pg_shadow" is a special key (like "ident sameuser") to set up this
behaviour.
the patch is done in such a way that it will not impact existing installations
--
[ Jim Mercer jim(at)pneumonoultramicroscopicsilicovolcanoconiosis(dot)ca ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ aka jim(at)reptiles(dot)org +1 416 410-5633 ]
*** auth.c.orig Fri Mar 30 19:37:08 2001
--- auth.c Fri Mar 30 19:28:20 2001
***************
*** 695,701 ****
static int
checkPassword(Port *port, char *user, char *password)
{
! if (port->auth_method == uaPassword && port->auth_arg[0] != '\0')
return verify_password(port->auth_arg, user, password);
return crypt_verify(port, user, password);
--- 695,702 ----
static int
checkPassword(Port *port, char *user, char *password)
{
! if (port->auth_method == uaPassword && port->auth_arg[0] != '\0'
! && strcmp(port->auth_arg, "pg_shadow") != 0)
return verify_password(port->auth_arg, user, password);
return crypt_verify(port, user, password);
*** crypt.c.orig Fri Mar 30 19:38:26 2001
--- crypt.c Fri Mar 30 19:39:07 2001
***************
*** 280,287 ****
* authentication method being used for this connection.
*/
! crypt_pwd =
! (port->auth_method == uaCrypt ? crypt(passwd, port->salt) : passwd);
if (!strcmp(pgpass, crypt_pwd))
{
--- 280,294 ----
* authentication method being used for this connection.
*/
! if (port->auth_method == uaCrypt)
! crypt_pwd = crypt(passwd, port->salt);
! else
! {
! /* if port->auth_arg, encrypt password from client before compare */
! if (port->auth_arg[0] != 0)
! pgpass = crypt(pgpass, passwd);
! crypt_pwd = passwd;
! }
if (!strcmp(pgpass, crypt_pwd))
{
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff | 2001-03-31 16:57:43 | Urgent! how to delete sequence key from pg_class |
| Previous Message | Matthew Rice | 2001-03-31 15:01:22 | Q: Record Updating/Locking in Web Environments |