Re: MD5 authentication needs help

From: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Josh Berkus <josh(at)agliodbs(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>
Subject: Re: MD5 authentication needs help
Date: 2015-03-06 15:00:20
Message-ID: 20150306150020.GB3291@alvh.no-ip.org
Lists: pgsql-hackers

Stephen Frost wrote:
> * Josh Berkus (josh(at)agliodbs(dot)com) wrote:

> > > 3) Using the user name for the MD5 storage salt allows the MD5 stored
> > > hash to be used on a different cluster if the user used the same
> > > password.
> >
> > This is a feature as well as a bug. For example, pgBouncer relies on
> > this aspect of md5 auth.
>
> It's not a feature and pgBouncer could be made to not rely on this.

Perhaps one of the requirements of a new auth method should be to allow
middlemen such as connection poolers. It's been over two years since I
had a look, but IIRC pgbouncer had the very ugly requirement of its own
copy of user/passwords in a file, and of course you had to update it
separately if you changed the password in the server. We need to make
it possible for it not to require any such thing.

--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
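
The property quoted in point 3 and the pooler behaviour discussed above, as an added example that is not part of the original message and is not PostgreSQL or pgbouncer code. It follows PostgreSQL's documented md5 scheme (stored value `md5` + md5(password || username), challenge answer `md5` + md5(stored hex || 4-byte salt)); the role names, password and salts are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def stored_verifier(user: str, password: str) -> str:
    # Stored form for md5 auth: "md5" + md5(password || username).
    # The role name is the only salt, so nothing cluster-specific goes in.
    return "md5" + md5_hex(password.encode() + user.encode())

def wire_response(verifier: str, salt: bytes) -> str:
    # Answer to the server's md5 challenge: "md5" + md5(inner_hex || salt),
    # where inner_hex is the stored verifier without its "md5" prefix.
    return "md5" + md5_hex(verifier[3:].encode() + salt)

def server_accepts(stored: str, salt: bytes, response: str) -> bool:
    # The server recomputes the expected response from what it has stored.
    return hmac.compare_digest(wire_response(stored, salt), response)

def demo() -> dict:
    user, password = "app_rw", "constructed-password"   # constructed values
    cluster_a = stored_verifier(user, password)
    cluster_b = stored_verifier(user, password)          # a different cluster
    other_role = stored_verifier("app_ro", password)     # same password, other role
    # A pooler that holds only the stored verifier (no plaintext) answers a
    # per-connection 4-byte salt issued by the server.
    salt = bytes.fromhex("0a1b2c3d")                     # constructed salt
    pooler_answer = wire_response(cluster_a, salt)
    return {
        "same_across_clusters": cluster_a == cluster_b,
        "differs_per_role": cluster_a != other_role,
        "pooler_accepted_on_b": server_accepts(cluster_b, salt, pooler_answer),
        "replay_with_new_salt": server_accepts(
            cluster_b, bytes.fromhex("deadbeef"), pooler_answer),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the challenge answer is derived from the stored value alone, a pooler needs its own copy of that value for each user, and a password change on the server invalidates the copy until it is updated.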
