From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Çağıl Şeker <cagils(at)biznet(dot)com(dot)tr> |
Cc: | "PostgreSQL-General-List (E-mail)" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: MD5 question? |
Date: | 2002-12-09 23:08:10 |
Message-ID: | 200212092308.gB9N8Ad07603@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
al eker wrote:
>
>
> hi,
>
> I am a little confused on how md5 passwd hashes stored and used
> in PG. There was a discussion on this issue but it was more
> confusing for me. When I create a new user its passwd is stored
> as md5 hashes (I don't know if it related to hba_conf md5 line,
> is it??). My hba_conf requires md5 for all connections. And I
> can connect. Then I change a user's passwd by UPDATE pg_shadow
> set passwd blablabla SQL command to for example 'qwerty' without
> md5 hashing. Then I see the passwd in pg_shadow as clear text
> not md5. But I can still connect by using qwerty and md5
> connection. Here I am confused. When I use update ... is it
> stored as clear-text. If so, when I connect it with md5, is on
> the wire still md5. If so how PG tells clear-text from md5 on
> the server side?
>
You basically can store pg_shadow as MD5-encrypted passwords, or
plaintext. Both can pass MD5 across the wire.
pg_shadow encryptoin is controlled by the CREATE/ALTER USER ENCRYPTION
PASSWORD option, and in postgresql.conf using password_encryption.
In 7.2, plaintext was default, but in 7.3, encrypted is the default.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
From | Date | Subject | |
---|---|---|---|
Next Message | Rich Shepard | 2002-12-09 23:19:39 | Re: Is NULL equal to NULL or not? |
Previous Message | Mike Mascari | 2002-12-09 23:06:46 | Re: Is NULL equal to NULL or not? |