| From: | Kris Jurka <books(at)ejurka(dot)com> |
|---|---|
| To: | Molly Gibson <molly_gibson2002(at)yahoo(dot)com> |
| Cc: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: mod_auth_pgsql & encryption |
| Date: | 2003-09-25 16:16:26 |
| Message-ID: | Pine.LNX.4.33.0309251204350.22806-100000@leary.csoft.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, 22 Sep 2003, Molly Gibson wrote:
> Hi all,
> I have recently installed Apache/1.3.28 +
> mod_auth_pgsql-0.9.12
> (http://www.giuseppetanzilli.it/mod_auth_pgsql/)
>
> The only way I have been able to get it to
> successfully authenticate against my postgres (7.3.4)
> database is to turn Auth_PG_encrypted off & have
> encryption turned off in postgresql.conf. I am really
> uncomfortable with the idea of having unencrypted user
> passwords laying about, but if I try to use an
> encrypted password from the database, I get 'password
> mismatch'.
I'm personally using mod_auth_pgsql against a user table with encrypted
passwords. To properly encrypt them I am using the contrib pgcrypto
module and something like
UPDATE myusertable
SET passwd = crypt('password', gen_salt('md5'))
WHERE userid = 1;
I don't believe you can use pg_shadow to authenticate against, but some
things to look at are:
- verify that the passwords are encrypted in pg_shadow.
- try changing the value of Auth_PG_hash_type to md5
Kris Jurka
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Esger Abbink | 2003-09-25 16:17:30 | Re: data directory growing huge |
| Previous Message | Alvaro Herrera | 2003-09-25 15:40:04 | Re: German translation of PostgreSQL documentation |