Re: Re: Encrypting pg_shadow passwords

Bruce Momjian <pgman@candle.pha.pa.us> writes:
> The only reason to add double-crypt is so we can continue to use
> /etc/passwd entries on systems that use crypt() in /etc/passwd.

In the long run, though, we want to drop crypt(3) usage entirely.
It's just too much of a pain in the neck to depend on the C library's
crypt(), for two reasons:

1. It's not in libc on all systems, leading to constant problems when
linking clients, particularly with shared libraries that have to have
a dependency on another shared library because of this.  (Search the
archives for problems about "can't find crypt".  There are many such
reports.)

2. crypt() isn't guaranteed compatible across platforms, meaning that
your clients may be unable to log in anyway.  See for example
http://fts.postgresql.org/db/mw/msg.html?mid=57516

Using our own MD5 (or whatever) code will avoid these problems.
        regards, tom lane