if i use type "crypt", the backend assumes that the client is handing it an already encrypted passwd, and then compares it to an encrypted version of pg_shadow->passwd.

and if i use type "password filename", the backend assumes a clear text password from the client, and then compares an encrypted version of that to the normal contents of the second field of "filename".

however, if i use type "password", it just does a clear text comparison of the password from the client and the password in pg_shadow.

attached are patches which allow for a special case type "password pg_shadow", which, similar to supplying a filename, actually encrypts the cleartext password from the client, and compares it to the normal contents of pg_shadow.

this allows the storage of encrypted passwords in pg_shadow.

i was unable to determine any other way of not storing clear text passwords in pg_shadow.

i implemented this in such a way that it will not impact existing installations.

--
[ Jim Mercer [EMAIL PROTECTED] ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ aka [EMAIL PROTECTED] +1 416 410-5633 ]

*** auth.c.orig Fri Mar 30 19:37:08 2001 --- auth.c Fri Mar 30 19:28:20 2001 *************** *** 695,701 **** static int checkPassword(Port *port, char *user, char *password) { ! if (port->auth_method == uaPassword && port->auth_arg[0] != '\0') return verify_password(port->auth_arg, user, password); return crypt_verify(port, user, password); --- 695,702 ---- static int checkPassword(Port *port, char *user, char *password) { ! if (port->auth_method == uaPassword && port->auth_arg[0] != '\0' ! && strcmp(port->auth_arg, "pg_shadow") != 0) return verify_password(port->auth_arg, user, password); return crypt_verify(port, user, password); *** crypt.c.orig Fri Mar 30 19:38:26 2001 --- crypt.c Fri Mar 30 19:39:07 2001 *************** *** 280,287 **** * authentication method being used for this connection. */ ! crypt_pwd = ! (port->auth_method == uaCrypt ? 
crypt(passwd, port->salt) : passwd); if (!strcmp(pgpass, crypt_pwd)) { --- 280,294 ---- * authentication method being used for this connection. */ ! if (port->auth_method == uaCrypt) ! crypt_pwd = crypt(passwd, port->salt); ! else ! { ! /* if port->auth_arg, encrypt password from client before compare */ ! if (port->auth_arg[0] != 0) ! pgpass = crypt(pgpass, passwd); ! crypt_pwd = passwd; ! } if (!strcmp(pgpass, crypt_pwd)) {
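
Review bot: In the auth.c hunk, the added condition `strcmp(port->auth_arg, "pg_shadow") != 0` makes the literal string "pg_shadow" a reserved value of the password-file argument, and nothing in the patch documents that. A password file that is really named pg_shadow can no longer reach verify_password(), so the keyword should be described wherever the "password" auth type is documented, and the bare literal should become a named constant (or at least carry a comment) so the crypt.c side can refer to the same value.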
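
Review bot: In the crypt.c hunk, the result of `pgpass = crypt(pgpass, passwd);` is passed to `strcmp(pgpass, crypt_pwd)` with no NULL check, and crypt() can return NULL on failure, for example when the value used as salt is not something it accepts. Check the return value and treat NULL as an authentication failure before the compare. The same branch is also taken for any non-empty auth_arg (`port->auth_arg[0] != 0`) and depends on the auth.c change to guarantee that the argument is "pg_shadow"; testing for the keyword here as well would make the two files agree without that hidden coupling. The comment "if port->auth_arg" should say what is actually tested, and `'\0'` would match the style of the auth.c condition.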