Re: MD5 question?

�a��l �eker wrote:
>
>
>  hi,
>
> I am a little confused on how md5 passwd hashes stored and used
> in PG. There was a discussion on this issue but it was more
> confusing for me. When I create a new user its passwd is stored
> as md5 hashes (I don't know if it related to hba_conf md5 line,
> is it??). My hba_conf requires md5 for all connections. And I
> can connect. Then I change a user's passwd by UPDATE pg_shadow
> set passwd blablabla SQL command to for example 'qwerty' without
> md5 hashing. Then I see the passwd in pg_shadow as clear text
> not md5. But I can still connect by using qwerty and md5
> connection. Here I am confused. When I use update ... is it
> stored as clear-text. If so, when I connect it with md5, is on
> the wire still md5. If so how PG tells clear-text from md5 on
> the server side?
>

You basically can store pg_shadow as MD5-encrypted passwords, or
plaintext.  Both can pass MD5 across the wire.

pg_shadow encryptoin is controlled by the CREATE/ALTER USER ENCRYPTION
PASSWORD option, and in postgresql.conf using password_encryption.

In 7.2, plaintext was default, but in 7.3, encrypted is the default.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073