Bruce Momjian wrote: > Magnus Hagander wrote: >>> I have developed the attached patch, which documents the inability to >>> use MD5 with db_user_namespace, and throws an error when it is used: >>> >>> psql: FATAL: MD5 authentication is not supported when >>> "db_user_namespace" is enabled >> IMHO it would be much nicer to detect this when we load pg_hba.conf. >> It's easy to do these days :-P >> >> I don't think we need to worry about the "changed postgresql.conf after >> we changed pg_hba.conf" that much, because we'll always reload >> pg_hba.conf after the main config file. >> >> I'd still leave the runtime check in as well to handle the "loaded one >> but not the other" case, but let's try prevent the user from loading the >> broken config file in the first place.. > > [ Thread moved to hackers. ] > > OK, updated patch attached. > > Looks a lot better.
I am unsure of exactly where this thing hacks into the authentication stream, but is it really only MD5 that fails? AFAICS, we rewrite what the user puts into the system *before* we do the authentication. Which I think would break all authentication *except* password (without md5) and trust, more or less. //Magnus -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
