Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> OK, patch attached. Pretty nifty. Try MD5 first, and if it fails, try
> crypt.
What???
Where did *that* idea come from? If I'm using the new auth method
because I don't think the old one is secure, I sure as heck don't want
an old (or deliberately-broken) client to cause a fallback to a less
secure method.
If MD5 is specified in the config file, and the client doesn't support
it, then you *fail*. Full stop.
regards, tom lane