| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> | 
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> | 
| Cc: | Matt Sullivan <matt(at)sullivan(dot)gen(dot)nz>, pgsql-hackers(at)postgresql(dot)org | 
| Subject: | Re: Serious problem within authentication subsystem in 7.0 | 
| Date: | 2000-05-24 22:07:27 | 
| Message-ID: | 9141.959206047@sss.pgh.pa.us | 
| Lists: | pgsql-hackers | 
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:

>> ... which we do not have, at the moment; there's one password per user
>> per installation,

> No, pg_hba.conf allows per database passwords.

Oh you're right, I had forgotten about that barely-supported hack for
alternate password files.

>> In any case, isn't psql's logic such that it will prompt again if the
>> previous password doesn't work?

> No, it will only prompt you for a password if it notices one is required.
> If that's wrong the connection attempt fails and you can try again (to
> connect). That's reasonable enough I think.

Seems like if it inserts the old password and notices that the error is
'bogus password' then it should prompt you for a new one.

BTW, I notice that there seems to be a nasty portability bug in that
logic: it'll try to "free(prompted_password)" even if prompted_password
is NULL.  On a lot of systems that's a recipe for a coredump, or at
least used to be (is everyone ANSI enough now to get this right??)

regards, tom lane
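
The two points in the message above (re-prompt when the stored password is rejected, and never pass a NULL `prompted_password` to `free`) sketched as an added example; this is not psql's code and not part of the original message. The result codes, the `connect_fn`/`prompt_fn` hooks, `connect_with_retry`, `demo` and the password strings are all hypothetical and constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical outcomes of one connection attempt (not libpq's status codes). */
typedef enum { CONN_OK, NEED_PASSWORD, BAD_PASSWORD, OTHER_ERROR } conn_result;
typedef conn_result (*connect_fn)(const char *password, void *ctx);
typedef char *(*prompt_fn)(void *ctx);      /* returns malloc'd string or NULL */

/* Try old_password first; prompt again whenever the server asks for or
 * rejects a password. Returns the number of attempts used, or -1. */
int connect_with_retry(connect_fn try_connect, prompt_fn prompt,
                       const char *old_password, int max_prompts, void *ctx)
{
    char *prompted_password = NULL;         /* stays NULL if we never prompt */
    const char *pw = old_password;
    int attempts = 0, prompts = 0, result = -1;
    for (;;) {
        conn_result r = try_connect(pw, ctx);
        attempts++;
        if (r == CONN_OK) { result = attempts; break; }
        if ((r != NEED_PASSWORD && r != BAD_PASSWORD) || prompts >= max_prompts)
            break;
        if (prompted_password != NULL) free(prompted_password);
        pw = prompted_password = prompt(ctx);
        prompts++;
        if (pw == NULL) break;              /* user gave up */
    }
    /* ISO C makes free(NULL) a no-op; the explicit guard also covers the
     * pre-ANSI libraries the message is concerned about. */
    if (prompted_password != NULL) free(prompted_password);
    return result;
}

/* Constructed test doubles: a "server" that accepts only "s3cret" and a
 * "user" who types a wrong password once before the right one. */
static conn_result fake_connect(const char *pw, void *ctx) {
    (void)ctx;
    return !pw ? NEED_PASSWORD : strcmp(pw, "s3cret") != 0 ? BAD_PASSWORD : CONN_OK;
}
static char *fake_prompt(void *ctx) {
    const char *answer = (*(int *)ctx)++ == 0 ? "typo" : "s3cret";
    char *copy = malloc(strlen(answer) + 1);
    return copy ? strcpy(copy, answer) : NULL;
}
int demo(const char *old_password, int max_prompts) {
    int typed = 0;
    return connect_with_retry(fake_connect, fake_prompt, old_password, max_prompts, &typed);
}
int main(void) { return demo("stale", 3) == 3 ? 0 : 1; }
```

When the first attempt succeeds, the function never prompts, so `prompted_password` is still NULL at cleanup, which is the path the message flags.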