Re: ODBC and crypted passwords
| От | Patrick Welche |
|---|---|
| Тема | Re: ODBC and crypted passwords |
| Дата | |
| Msg-id | 20000410103613.D1005@quartz.newn.cam.ac.uk обсуждение исходный текст |
| Ответ на | Re: ODBC and crypted passwords ("Alex Verstak" <averstak@vt.edu>) |
| Список | pgsql-interfaces |
On Sun, Apr 09, 2000 at 04:22:58PM -0400, Alex Verstak wrote: > > Tom Lane wrote: > > Hmm. Can we find a freely-distributable version of libcrypt anywhere? > > > > (Actually, now that I think about it, I'm not entirely sure that crypt() > > implements exactly the same transformation on every Unix platform. > > It may be that you have to have a version of crypt() that matches the > > one on your server's platform. That would be a pain in the neck ... > > but if we did find an open-source libcrypt, maybe we could standardize > > on using it in preference to vendor crypts...) > > I have no problem running the PostgreSQL server on Solaris and > using a FreeBSD client with crypt authentication. Both systems > use DES. Problems arise when systems try to work around the US > export restrictions and supply MD5 or other weak encryption. > > For the same reason, you cannot make strong authentication code > available on your website. The best you can do is provide > a pointer to some DES implementation outside the US and instruct > users to download and use this one if their systems do not work > together. Another alternative is to include MD5 in the distribution, > but use the system crypt by default, with a configuration option > to switch to MD5. I wonder whether SASL http://asg.web.cmu.edu/sasl/ is worth considering. AFAICT postgresql would say authenticate userid,password,mechanism, and sasl replies yes or no, and different mechanisms seem to plug in reasonably cleanly. Cheers, Patrick
В списке pgsql-interfaces по дате отправления: