On Tue, 23 Jun 2026 at 10:44, Chao Li <[email protected]> wrote: >> On Jun 23, 2026, at 09:39, Fujii Masao <[email protected]> wrote: >> >> Hi, >> >> While testing md5_password_warnings, I noticed that authentication >> with an MD5-encrypted password emits the expected warning when the HBA >> method is md5, but not when it is password. >> >> Was this intentional, or just an oversight? >> >> I couldn't find any discussion about this, so I put together the >> attached patch. It updates the authentication code to emit the same >> MD5 deprecation connection warning after successful password >> authentication when the stored password is MD5-encrypted. >> >> Thoughts? >> >> Regards, >> >> -- >> Fujii Masao >> <v1-0001-Warn-on-password-auth-with-MD5-encrypted-password.patch> > > Given that the original warning emission was in md5_crypt_verify(), I > think it might be a bit better to keep the two private helpers in > crypt.c and add the warning emission in plain_crypt_verify(), because > that function has already determined the password type and > authentication result. > +1
Placing it in plain_crypt_verify() leverages the already-determined type and result, while keeping the helpers internal to crypt.c is cleaner. > Best regards, > -- > Chao Li (Evan) > HighGo Software Co., Ltd. > https://www.highgo.com/ -- Regards, Japin Li ChengDu WenWu Information Technology Co., Ltd.
