> On Jun 23, 2026, at 09:39, Fujii Masao <[email protected]> wrote:
>
> Hi,
>
> While testing md5_password_warnings, I noticed that authentication
> with an MD5-encrypted password emits the expected warning when the HBA
> method is md5, but not when it is password.
>
> Was this intentional, or just an oversight?
>
> I couldn't find any discussion about this, so I put together the
> attached patch. It updates the authentication code to emit the same
> MD5 deprecation connection warning after successful password
> authentication when the stored password is MD5-encrypted.
>
> Thoughts?
>
> Regards,
>
> --
> Fujii Masao
> <v1-0001-Warn-on-password-auth-with-MD5-encrypted-password.patch>
Given that the original warning emission was in md5_crypt_verify(), I think it
might be a bit better to keep the two private helpers in crypt.c and add the
warning emission in plain_crypt_verify(), because that function has already
determined the password type and authentication result.
Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/
