From: Dan McGuirk <mcguirk@indirect.com>

Subject: [HACKERS] password authentication

This patch adds support for plaintext password authentication.  To use
it, you add a line like

host         all         0.0.0.0       0.0.0.0           password  pg_pwd.conf


to your pg_hba.conf, where 'pg_pwd.conf' is the name of a file containing
the usernames and password hashes in the format of the first two fields
of a Unix /etc/passwd file.  (Of course, you can use a specific database
name or IP instead.)

Then, to connect with a password through libpq, you use the PQconnectdb()
function, specifying the "password=" tag in the connect string and also
adding the tag "authtype=password".

I also added a command-line switch '-u' to psql that tells it to prompt
for a username and password and use password authentication.

src/include/config.h.in

@@ -266,8 +266,11 @@
  */
 /*#define GEQO */ /* backend/optimizer/path/allpaths.c */
 
-
-
+/*
+ * Define this if you want psql to _always_ ask for a username and a password
+ * for password authentication.
+ */
+/* #define PSQL_ALWAYS_GET_PASSWORDS */
 
 /* Undocumented "features"? */
 #define FASTBUILD /* access/nbtree/nbtsort.c */

src/include/libpq/hba.h

@@ -4,16 +4,46 @@
  *    Interface to hba.c
  *
  *
- * $Id: hba.h,v 1.2 1996/11/06 10:29:58 scrappy Exp $
+ * $Id: hba.h,v 1.3 1997/03/12 21:22:16 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
 #ifndef HBA_H
 #define	HBA_H
 
+#include <libpq/pqcomm.h>
+
+#define CONF_FILE "pg_hba.conf"             
+  /* Name of the config file  */
+
+#define MAP_FILE "pg_ident.conf"
+  /* Name of the usermap file */
+
+#define OLD_CONF_FILE "pg_hba"
+  /* Name of the config file in prior releases of Postgres. */
+
+#define MAX_LINES 255                    
+  /* Maximum number of config lines that can apply to one database    */
+
+#define MAX_TOKEN 80                    
+/* Maximum size of one token in the configuration file  */
+
+#define USERMAP_NAME_SIZE 16  /* Max size of a usermap name */
+
+#define IDENT_PORT 113
+  /* Standard TCP port number for Ident service.  Assigned by IANA */
+
+#define IDENT_USERNAME_MAX 512  
+  /* Max size of username ident server can return */
+
+enum Userauth {Trust, Ident, Password};
 
 extern int
 hba_recvauth(const Port *port, const char database[], const char user[],
              const char DataDir[]);
+void find_hba_entry(const char DataDir[], const struct in_addr ip_addr, 
+		    const char database[], 
+		    bool *host_ok_p, enum Userauth *userauth_p, 
+		    char usermap_name[], bool find_password_entries);
 
 #endif

src/include/libpq/pqcomm.h

@@ -6,7 +6,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pqcomm.h,v 1.7 1997/02/11 15:37:18 momjian Exp $
+ * $Id: pqcomm.h,v 1.8 1997/03/12 21:22:19 scrappy Exp $
  *
  * NOTES
  *    Some of this should move to libpq.h
@@ -52,10 +52,15 @@ typedef enum _MsgType {
     STARTUP_KRB4_MSG=10,	/* krb4 session follows startup packet */
     STARTUP_KRB5_MSG=11,      	/* krb5 session follows startup packet */
     STARTUP_HBA_MSG=12,         /* use host-based authentication */
-    STARTUP_UNAUTH_MSG=13       /* use unauthenticated connection */
+    STARTUP_UNAUTH_MSG=13,      /* use unauthenticated connection */
+    STARTUP_PASSWORD_MSG=14     /* use plaintext password authentication */
     /* insert new values here -- DO NOT REORDER OR DELETE ENTRIES */
+    /* also change LAST_AUTHENTICATION_TYPE below and add to the */
+    /* authentication_type_name[] array in pqcomm.c */
 } MsgType;
 
+#define LAST_AUTHENTICATION_TYPE 14
+
 typedef char *Addr;
 typedef int PacketLen;	/* packet length */
 
@@ -126,6 +131,6 @@ extern int PacketSend(Port *port, PacketBuf *buf,
 		      PacketLen len, char nonBlocking);
 /* extern PacketBuf* StartupInfo2PacketBuf(StartupInfo*); */
 /* extern StartupInfo* PacketBuf2StartupInfo(PacketBuf*); */
-
+extern char *name_of_authentication_type(int type);
 
 #endif	/* PQCOMM_H */