Re: passwords in pg_shadow (duplicate).

Bruce Momjian wrote:
>
>
> This is normal behavior.  With 7.3, when you load your passwords into
> the database, they are automatically converted to MD5 inside the
> database.  You can disable this in postgresql.conf using by changing
> password_encryption _before_ you load your data into the database.
>
> The big trick is what ia in your pg_hba.conf file for the ODBC host.  If
> it is crypt, there is no way we can make those MD5 passwords match the
> info coming from the client.  However, I didn't think ODBC even did
> crypt.  Even though the server has MD5-encrypted password stored, the
> 'password' pg_hba.conf method should still work because the server will
> internally MD5 encrypt before comparing to pg_shadow, or at least it
> should and worked in my testing.

It doesn't work here and I see the following in src/libpq/crypt.c.

        /* If they encrypt their password, force MD5 */
        if (isMD5(passwd) && port->auth_method != uaMD5)
        {
                elog(LOG, "Password is stored MD5 encrypted.  "
                         "'password' and 'crypt' auth methods cannot be
used.");
                return STATUS_ERROR;
        }

As far as I see, 7.3 forces the use of md5 authentication
implicitly rather than recommending it. Please document
it clearly on the top of the main documents. Otherwise
users would be confused pointlessly.

regards,
Hiroshi Inoue