Re: passwords in pg_shadow (duplicate).

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Terry Yapt <pgsql(at)technovell(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: passwords in pg_shadow (duplicate).
Date: 2002-12-05 17:01:35
Message-ID: 200212051701.gB5H1ZE02511@candle.pha.pa.us
Lists: pgsql-general


Great. We are thinking of how to deal with 'password' when pg_shadow is
MD5 encrypted. I have a patch that allows it to work and it may be in
7.3.1.

---------------------------------------------------------------------------

Terry Yapt wrote:
> First, I have updated to the latest ODBC driver from odbc.postgresql.org.
>
> My pg_hba.conf was using the 'password' method. I have changed it to 'md5', and all is fine now. I can even connect with a user that has a plain text password (no md5) in pg_shadow... :-O
>
> Thanks...
>
>
> -----Original Message-----
> From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
> To: Terry Yapt <pgsql(at)technovell(dot)com>
> Date: Wed, 4 Dec 2002 14:44:06 -0500 (EST)
> Subject: Re: [GENERAL] passwords in pg_shadow (duplicate).
>
>
> This is normal behavior. With 7.3, when you load your passwords into
> the database, they are automatically converted to MD5 inside the
> database. You can disable this in postgresql.conf by changing
> password_encryption _before_ you load your data into the database.
>
> The big trick is what is in your pg_hba.conf file for the ODBC host. If
> it is crypt, there is no way we can make those MD5 passwords match the
> info coming from the client. However, I didn't think ODBC even did
> crypt. Even though the server has the MD5-encrypted password stored, the
> 'password' pg_hba.conf method should still work because the server will
> internally MD5 encrypt before comparing to pg_shadow, or at least it
> should and worked in my testing.
>
> Are you using a recent ODBC driver? That may help. Please report back
> your pg_hba.conf setting for the host. Also, MD5 is now the preferred
> method for client connections. Crypt doesn't work anymore (unless you
> modify postgresql.conf). There is no reason to use 'password' plaintext
> anymore.
>
> ---------------------------------------------------------------------------
>
> Terry Yapt wrote:
> >
> > Hello all,
> >
> > I have "migrated" a test server from 7.2.x to 7.3. All was ok
> > (without regression tests yet), but I have a problem connecting
> > to the server from all my client-odbc applications.
> >
> > I have a: "FATAL: Password authentication failed for user
> > xxxxxx"
> >
> > I ran SELECT * from pg_shadow and I noticed a difference
> > from my 7.2 installation:
> >
> > 7.2 -> Password is plain text.
> > 7.3 -> Password is md5 crypt or something similar.
> >
> > If I change my md5 password from its encryption to plain text,
> > I can connect fine.
> >
> > Is it the normal behavior or not? The users and their passwords
> > come from a pg_dumpall.
> >
> > Thanks a lot.
> >
> >
> >
> >
>
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
> + If your life is a hard drive, | 13 Roberts Road
> + Christ can be your backup. | Newtown Square, Pennsylvania 19073
>
>
>
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
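
The behaviour discussed in this thread, as an added example that is not part of the original messages or of PostgreSQL's source: a small Python model of how a server can check a login against pg_shadow for the 'password', 'md5' and 'crypt' pg_hba.conf methods. It assumes the PostgreSQL MD5 scheme (stored value `md5` + md5(password + username), salted response `md5` + md5(stored hex + salt)); the function names and sample values are hypothetical.

```python
import hashlib
import hmac

HEX = set("0123456789abcdef")

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def pg_md5_verifier(password: str, user: str) -> str:
    """Value kept in pg_shadow when password_encryption is on."""
    return "md5" + md5_hex(password.encode() + user.encode())

def is_md5_verifier(stored: str) -> bool:
    return len(stored) == 35 and stored.startswith("md5") and set(stored[3:]) <= HEX

def client_md5_response(password: str, user: str, salt: bytes) -> str:
    """What a client sends for the 'md5' method: the verifier re-hashed with the salt."""
    inner = pg_md5_verifier(password, user)[3:]
    return "md5" + md5_hex(inner.encode() + salt)

def server_check(method: str, stored: str, user: str, client_msg: str,
                 salt: bytes = b"") -> bool:
    """Model of the server-side comparison for one pg_hba.conf method."""
    if method == "password":
        # Client sends cleartext. If pg_shadow holds an MD5 verifier, the
        # server hashes the cleartext first, so the login still works.
        candidate = (pg_md5_verifier(client_msg, user)
                     if is_md5_verifier(stored) else client_msg)
        return hmac.compare_digest(candidate.encode(), stored.encode())
    if method == "md5":
        # A plain-text pg_shadow entry is hashed on the fly, which is why
        # 'md5' works for a user whose stored password is not MD5.
        inner = (stored if is_md5_verifier(stored)
                 else pg_md5_verifier(stored, user))[3:]
        expected = "md5" + md5_hex(inner.encode() + salt)
        return hmac.compare_digest(client_msg.encode(), expected.encode())
    if method == "crypt":
        # The crypt exchange needs the original password; an MD5 verifier
        # cannot be turned back into it, so the two can never match.
        if is_md5_verifier(stored):
            return False
        raise NotImplementedError("crypt() with plain-text storage is not modelled")
    raise ValueError("unknown method: " + method)

if __name__ == "__main__":
    salt = b"\x01\x02\x03\x04"                 # constructed 4-byte salt
    hashed = pg_md5_verifier("secret", "terry")  # constructed credentials
    resp = client_md5_response("secret", "terry", salt)
    print(server_check("password", hashed, "terry", "secret"))   # MD5 stored
    print(server_check("md5", "secret", "terry", resp, salt))    # plain stored
    print(server_check("crypt", hashed, "terry", "ignored"))     # cannot match
```

With 'password' the cleartext password still crosses the network, which is the reason the thread recommends 'md5' for client connections.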
