database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-13 07:41:39 +03:00
Code Activity

Use MD5 for wire protocol encryption for >= 7.2 client/server.

Browse Source 
Allow pg_shadow to be MD5 encrypted.
Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user.
Add password_encryption postgresql.conf option.
Update wire protocol version to 2.1.
This commit is contained in:
Bruce Momjian
2001-08-15 18:42:16 +00:00
parent 397f65d102
commit 38bb1abcda
27 changed files with 353 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
doc/src/sgml/client-auth.sgml
View File

@ -1,4 +1,4 @@
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.15 2001/08/01 23:25:39 tgl Exp $ -->
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.16 2001/08/15 18:42:14 momjian Exp $ -->
<chapter id="client-authentication">
<title>Client Authentication</title>
@ -205,11 +205,10 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
<para>
Like the <literal>password</literal> method, but the password
is sent over the wire encrypted using a simple
challenge-response protocol. This is still not
cryptographically secure but it protects against incidental
challenge-response protocol. This protects against incidental
wire-sniffing. The name of a file may follow the
<literal>crypt</literal> keyword that contains a list of users
that this record pertains to.
<literal>crypt</literal> keyword. It contains a list of users
for this record.
</para>
</listitem>
</varlistentry>

4
doc/src/sgml/protocol.sgml
View File

@ -1,4 +1,4 @@
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/protocol.sgml,v 1.18 2001/06/22 23:27:48 petere Exp $ -->
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/protocol.sgml,v 1.19 2001/08/15 18:42:14 momjian Exp $ -->
<chapter id="protocol">
<title>Frontend/Backend Protocol</title>
@ -1295,7 +1295,7 @@ EncryptedPasswordPacket (F)
</Term>
<ListItem>
<Para>
The encrypted (using crypt()) password.
The encrypted (using MD5 or crypt()) password.
</Para>
</ListItem>
</VarListEntry>

9
doc/src/sgml/ref/alter_user.sgml
View File

@ -1,5 +1,5 @@
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.14 2001/07/10 22:09:27 tgl Exp $
$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.15 2001/08/15 18:42:14 momjian Exp $
Postgres documentation
-->
@ -27,7 +27,7 @@ ALTER USER <replaceable class="PARAMETER">username</replaceable> [ [ WITH ] <rep
where <replaceable class="PARAMETER">option</replaceable> can be:
PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
[ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
| CREATEDB | NOCREATEDB
| CREATEUSER | NOCREATEUSER
| VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>'
@ -53,10 +53,13 @@ where <replaceable class="PARAMETER">option</replaceable> can be:
</varlistentry>
<varlistentry>
<term><replaceable class="PARAMETER">password</replaceable></term>
<term><replaceable class="PARAMETER">[ encrypted | unencrypted ] password</replaceable></term>
<listitem>
<para>
The new password to be used for this account.
<literal>Encrypted</literal>/ <literal>unencrypted</literal>
controls whether the password is stored encrypted in the
database.
</para>
</listitem>
</varlistentry>

13
doc/src/sgml/ref/create_user.sgml
View File

@ -1,5 +1,5 @@
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.17 2001/07/10 22:09:27 tgl Exp $
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.18 2001/08/15 18:42:14 momjian Exp $
Postgres documentation
-->
@ -28,7 +28,7 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable> [ [ WITH ] <re
where <replaceable class="PARAMETER">option</replaceable> can be:
SYSID <replaceable class="PARAMETER">uid</replaceable>
| PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
| [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
| CREATEDB | NOCREATEDB
| CREATEUSER | NOCREATEUSER
| IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...]
@ -72,12 +72,19 @@ where <replaceable class="PARAMETER">option</replaceable> can be:
</varlistentry>
<varlistentry>
<term><replaceable class="parameter">password</replaceable></term>
<term><replaceable class="parameter">[ encrypted | unencrypted ] password</replaceable></term>
<listitem>
<para>
Sets the user's password. If you do not plan to use password
authentication you can omit this option, otherwise the user
won't be able to connect to a password-authenticated server.
</para>
<para>
<literal>ENCRYPTED/UNENCRYPTED</literal> controls whether the
password is stored encrypted in the database. Older clients may
have trouble communicating using encrypted password storage.
</para>
<para>
See the chapter on client authentication in the
<citetitle>Administrator's Guide</citetitle> for details on
how to set up authentication mechanisms.

26
doc/src/sgml/runtime.sgml
View File

@ -1,5 +1,5 @@
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.74 2001/08/09 16:20:43 petere Exp $
$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.75 2001/08/15 18:42:14 momjian Exp $
-->
<Chapter Id="runtime">
@ -967,6 +967,18 @@ env PGOPTIONS='-c geqo=off' psql
<para>
<variablelist>
<varlistentry>
<term>AUSTRALIAN_TIMEZONES (<type>bool</type>)</term>
<listitem>
<para>
If set to true, <literal>CST</literal>, <literal>EST</literal>,
and <literal>SAT</literal> are interpreted as Australian
timezones rather than as North American Central/Eastern
Timezones and Saturday. The default is false.
</para>
</listitem>
</varlistentry>
<varlistentry>
<indexterm>
<primary>deadlock</primary>
@ -1260,18 +1272,6 @@ dynamic_library_path = '/usr/local/lib:/home/my_project/lib:$libdir:$libdir/cont
</listitem>
</varlistentry>
<varlistentry>
<term>AUSTRALIAN_TIMEZONES (<type>bool</type>)</term>
<listitem>
<para>
If set to true, <literal>CST</literal>, <literal>EST</literal>,
and <literal>SAT</literal> are interpreted as Australian
timezones rather than as North American Central/Eastern
Timezones and Saturday. The default is false.
</para>
</listitem>
</varlistentry>
<varlistentry>
<indexterm>
<primary>SSL</primary>