
I apologise in advance if this is considered the wrong list to post onto. I couldn't find specific details for joining a DBD::Pg style mailing list so I'm hoping this is something that's relatively well known about by general PostgreSQL developers anyway.

I'm using Perl to program interfaces to PostgreSQL, and had previously misunderstood how md5 password authentication worked, so I'm now re-doing it, but struggling to find out how DBD::Pg might be used to actually authenticate by passing an md5 of the password instead of the real thing.

I understand from various reading that the md5 should be a double-process consisting of:

phase1 = md5(password <concat> username)
password_to_use = md5(phase1 <concat> salt)

What I don't understand is how to "extract" the salt required to complete the second phase.

Effectively what I'm hoping for is to be able to do something along the lines of:

#!/usr/local/bin/perl -w

use strict;
use DBI;
use Digest::MD5 qw(md5_hex);
use DBD::Pg;

my $user = "currentuser";
my $pass = md5_hex("supersecretpassword" . $user);

my $dbh = DBI->connect("dbi:Pg:dbname=monitoring","$user",$pass, { PrintError => 1 });
if (defined($dbh)) {
        print "Successful\n";
} else {
        print "Failed!!\n";
}

In the above, if I prepend "md5" to the $pass variable I obviously get what exactly matches the content of the pg_shadow table entry for the given user ... however, either way the connection isn't successful because (from what I've been able to discern) I actually need to submit:

md5 <concat> md5($pass <concat> salt)

Can DBD::Pg be used for these connections? If anyone has experience in this I'd much appreciate your thoughts or suggestions. (I realise the "connect" function is from DBI, but it seems to me that the use of the salt required to properly authenticate will be specific somehow to DBD::Pg usage.)



Preston de Guise
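
Added example (not part of the original post, and not DBD::Pg's or libpq's own code): the salt asked about above is a 4-byte value the server sends in its AuthenticationMD5Password message on each connection attempt, and the client library computes the response from it. The sketch below parses a constructed challenge and applies the two-phase formula from the post; the function names and the sample salt are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Parse a backend Authentication message and return the 4-byte salt if it is
# AuthenticationMD5Password: type 'R', int32 length 12, int32 code 5, salt.
sub md5_salt_from_auth_message {
    my ($msg) = @_;
    return undef if length($msg) != 13;
    my ($type, $len, $code) = unpack('a1 N N', $msg);
    return undef unless $type eq 'R' && $len == 12 && $code == 5;
    return substr($msg, 9, 4);
}

# Value stored in pg_shadow: "md5" . md5(password . username)
sub stored_md5 {
    my ($user, $password) = @_;
    return 'md5' . md5_hex($password . $user);
}

# Value sent on the wire: "md5" . md5(md5(password . username) . salt)
sub md5_auth_response {
    my ($user, $password, $salt) = @_;
    my $phase1 = md5_hex($password . $user);
    return 'md5' . md5_hex($phase1 . $salt);
}

# PasswordMessage frame: 'p', int32 length (counts itself, payload and NUL),
# then the NUL-terminated response string.
sub password_message {
    my ($response) = @_;
    return pack('a1 N Z*', 'p', 4 + length($response) + 1, $response);
}

# Constructed sample challenge; a real salt is random per connection attempt.
my $auth_msg = pack('a1 N N a4', 'R', 12, 5, "\x01\x02\x03\x04");
my $salt = md5_salt_from_auth_message($auth_msg);
die "not an AuthenticationMD5Password message\n" unless defined $salt;

my ($user, $password) = ('currentuser', 'supersecretpassword');
my $response = md5_auth_response($user, $password, $salt);
printf "stored   : %s\n", stored_md5($user, $password);
printf "salt     : %s\n", unpack('H*', $salt);
printf "response : %s\n", $response;
printf "frame    : %d bytes\n", length(password_message($response));
```

DBD::Pg connects through libpq, which performs this exchange itself when DBI->connect is given the plaintext password, so the salt never has to be handled in application code.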

Sent via pgsql-general mailing list (pgsql-general@postgresql.org)