From: | Jim Mercer <jim(at)reptiles(dot)org> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Encrypting pg_shadow passwords |
Date: | 2001-06-26 04:12:46 |
Message-ID: | 20010626001245.K1599@reptiles.org |
Lists: | pgsql-hackers |

On Tue, Jun 26, 2001 at 12:00:35AM -0400, Bruce Momjian wrote:
> One good point you have is what do we do with 'password' authentication
> once we encrypt pg_shadow. My guess is that we just disallow it. It is
> insecure and was only there for clients that couldn't do crypt. They
> all have that now. It should just go away. We kept it around for the
> secondary password file but those secondary password files are the same
> once pg_shadow is encrypted.

i would be content if the API allowed me to pass it a plain-text password,
and that was compared against pg_shadow, where the password is stored
encrypted.

at this point in time, i do not see a method of doing that without my mods
or using external password files.

if the API as above existed, then i would be happy to see "password" go away
(although it should be deprecated to a --enable option, otherwise you are
going to ruin a bunch of existing code).

> One item of my plan is that you can encrypt individual users. You don't
> have to do them all at once in case you have older clients for some
> users but not others.

it would be nice (in my opinion) if you could have multiple (cascade) entries
in pg_hba.conf.
and a flag in pg_shadow to "appoint" a blessed scheme.

ie. if a user identd's ok, and the identd flag is set in pg_shadow, then
it is ok. otherwise, move on to the next pg_hba.conf entry.

the reasoning for this is that i (and i assume others) have two classes of
access. some type of authenticated client/user and scripts.

hardcoding passwords in scripts is just wrong.

i sometimes have "localhost" set up on ident, and non-localhost on some
type of password/crypt type thing. but i don't want to allow all local users
access via ident.

i recognize that some of this can be done with the ident mapping facility,
but again, that is an external file, and thus presents management issues.
--
[ Jim Mercer jim(at)reptiles(dot)org +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]