Re: [HACKERS] Encrypting pg_shadow passwords

2001-06-15 Thread Tom Lane
Peter Eisentraut <[EMAIL PROTECTED]> writes:
> Whatever you do, please wait till I've finished the "authenticate after
> fork" change. (this weekend?)

Oh, are you doing that? I thought you weren't convinced it was a good idea ...

regards, tom lane

Re: [HACKERS] Encrypting pg_shadow passwords

2001-06-15 Thread Vince Vielhaber
On Fri, 15 Jun 2001, Vince Vielhaber wrote:
> On Fri, 15 Jun 2001, Tom Lane wrote:
>
> > Vince Vielhaber <[EMAIL PROTECTED]> writes:
> > >> More to the point, how does the postmaster know that it's now dealing
> > >> with encrypted passwords and must use the double-salt auth method?
> >
> > > The

Re: [HACKERS] Encrypting pg_shadow passwords

2001-06-15 Thread Vince Vielhaber
On Fri, 15 Jun 2001, Tom Lane wrote:
> Vince Vielhaber <[EMAIL PROTECTED]> writes:
> >> More to the point, how does the postmaster know that it's now dealing
> >> with encrypted passwords and must use the double-salt auth method?
>
> > The first three characters are md5 in the code I sent Bruce.

Re: [HACKERS] Encrypting pg_shadow passwords

2001-06-15 Thread Tom Lane
Vince Vielhaber <[EMAIL PROTECTED]> writes:
>> More to the point, how does the postmaster know that it's now dealing
>> with encrypted passwords and must use the double-salt auth method?

> The first three characters are md5 in the code I sent Bruce.

Uh ... so if I use a password that starts with

Re: [HACKERS] Encrypting pg_shadow passwords

2001-06-15 Thread Dominic J. Eidson
On Fri, 15 Jun 2001, Peter Eisentraut wrote:
> Bruce Momjian writes:
>
> > People have complained that we store passwords unencrypted in pg_shadow.
> > Long ago we agreed to a solution and I am going to try to implement that
> > next.
>
> Whatever you do, please wait till I've finished the "aut

Re: [HACKERS] Encrypting pg_shadow passwords

2001-06-15 Thread Vince Vielhaber
On Fri, 15 Jun 2001, Tom Lane wrote:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > I think the script idea may be best but it will have to be saved
> > somewhere so once you run it all future password changes are encrypted
> > in pg_shadow.
>
> More to the point, how does the postmaster know th

Re: [HACKERS] Encrypting pg_shadow passwords

2001-06-15 Thread Vince Vielhaber
On Fri, 15 Jun 2001, Bruce Momjian wrote:
> > > Migrating old sites to encrypted pg_shadow passwords should be easy if a
> > > trigger on pg_shadow will look for unencrypted INSERTs and encrypt them.
> >
> > If encrypting pg_shadow will break the old-style crypt method, then I
> > think forcing a

Re: [HACKERS] Encrypting pg_shadow passwords

2001-06-15 Thread Tom Lane
Bruce Momjian <[EMAIL PROTECTED]> writes:
> I think the script idea may be best but it will have to be saved
> somewhere so once you run it all future password changes are encrypted
> in pg_shadow.

More to the point, how does the postmaster know that it's now dealing with encrypted passwords and

Re: [HACKERS] Encrypting pg_shadow passwords

2001-06-15 Thread Tom Lane
Bruce Momjian <[EMAIL PROTECTED]> writes:
> The problem is for older clients. Do I need to create a new encryption
> type for this double-encryption? Seems we do.

Hmm ... AFAIR that old discussion, backwards compatibility was not thought about at all :-(

> The bigger problem is how usernames e