Re: mod_auth_pgsql & encryption

On Mon, 22 Sep 2003, Molly Gibson wrote:

> Hi all,
> I have recently installed Apache/1.3.28 +
> mod_auth_pgsql-0.9.12
> (http://www.giuseppetanzilli.it/mod_auth_pgsql/)
>
> The only way I have been able to get it to
> successfully authenticate against my postgres (7.3.4)
> database is to turn Auth_PG_encrypted off & have
> encryption turned off in postgresql.conf.  I am really
> uncomfortable with the idea of having unencrypted user
> passwords laying about, but if I try to use an
> encrypted password from the database, I get 'password
> mismatch'.

I'm personally using mod_auth_pgsql against a user table with encrypted
passwords.  To properly encrypt them I am using the contrib pgcrypto
module and something like

UPDATE myusertable
SET passwd = crypt('password', gen_salt('md5'))
WHERE userid = 1;

I don't believe you can use pg_shadow to authenticate against, but some
things to look at are:

- verify that the passwords are encrypted in pg_shadow.
- try changing the value of Auth_PG_hash_type to md5

Kris Jurka