From: | Thom Brown <thom(at)linux(dot)com> |
---|---|
To: | Michał Koba <toyman(at)poczta(dot)fm> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Comparing md5 hash with md5 password hash |
Date: | 2011-03-02 07:15:31 |
Message-ID: | AANLkTinWkutaa9eU_9qveLK35iGyi679eHvjUiCZSb6Q@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
2011/3/2 Michał Koba <toyman(at)poczta(dot)fm>
> Hi
>
> We are developing application in Microsoft Access linked via ODBC with
> PostgreSQL 8.2 database. The ODBC Data Source is configured to login using
> single user and password for all users logining to our application in MS.
>
> Now. We need to check out if user that trying to login has valid user
> and password in PostgreSQL database. We are asking tables pg_authid and/or
> pg_shadow for user names and passwords. Passwords in those tables are stored
> in md5. We have following statement to compare password hash with password
> typed by user:
>
> SELECT 1
> FROM pg_authid
> WHERE rolename='<typed_user_name>'
> AND rolpassword='md5'||md5('<typed_user_password>');
>
> But hash generated this way is different than password hash stored in
> pg_authid.
>
> What we are doing wrong ? Is there any possibility to checkout
> passwords in pg_authid table ?
>
> P.S. Sorry for my awfull english.
>
>
s/rolename/rolname/
The password isn't hashed on its own; it's salted with the username, so
you'd really want:
rolpassword = 'md5' || md5('password' || rolname);
--
Thom Brown
Twitter: @darkixion
IRC (freenode): dark_ixion
Registered Linux user: #516935
From | Date | Subject | |
---|---|---|---|
Next Message | chris r. | 2011-03-02 08:35:29 | pg_dump slow with bytea data |
Previous Message | Michał Koba | 2011-03-02 06:42:46 | Comparing md5 hash with md5 password hash |