Remove support for (insecure) crypt authentication.

This breaks compatibility with pre-7.2 versions.

doc/src/sgml/client-auth.sgml

@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.109 2008/10/23 13:31:09 mha Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.110 2008/10/28 12:10:42 mha Exp $ -->
 
 <chapter id="client-authentication">
  <title>Client Authentication</title>
@@ -315,24 +315,6 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
         </listitem>
        </varlistentry>
 
-       <varlistentry>
-        <term><literal>crypt</></term>
-        <listitem>
-         <note>
-         <para>
-          This option is recommended only for communicating with pre-7.2
-          clients.
-         </para>
-         </note>
-         <para>
-          Require the client to supply a <function>crypt()</>-encrypted
-          password for authentication.
-          <literal>md5</literal> is now recommended over <literal>crypt</>.
-          See <xref linkend="auth-password"> for details.
-         </para>
-        </listitem>
-       </varlistentry>
-
        <varlistentry>
         <term><literal>password</></term>
         <listitem>
@@ -704,9 +686,6 @@ omicron       bryanh            guest1
    <indexterm>
     <primary>MD5</>
    </indexterm>
-   <indexterm>
-    <primary>crypt</>
-   </indexterm>
    <indexterm>
     <primary>password</primary>
     <secondary>authentication</secondary>
@@ -714,21 +693,15 @@ omicron       bryanh            guest1
 
    <para>
     The password-based authentication methods are <literal>md5</>,
-    <literal>crypt</>, and <literal>password</>. These methods operate
+    and <literal>password</>. These methods operate
     similarly except for the way that the password is sent across the
-    connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
-    A limitation is that the <literal>crypt</> method does not work with
-    passwords that have been encrypted in <structname>pg_authid</structname>.
+    connection: respectively, MD5-hashed and clear-text.
    </para>
 
    <para>
     If you are at all concerned about password
-    <quote>sniffing</> attacks then <literal>md5</> is preferred, with
-    <literal>crypt</> to be used only if you must support pre-7.2
-    clients. Plain <literal>password</> should be avoided especially for
-    connections over the open Internet (unless you use <acronym>SSL</acronym>,
-    <acronym>SSH</>, or another
-    communications security wrapper around the connection).
+    <quote>sniffing</> attacks then <literal>md5</> is preferred.
+    Plain <literal>password</> should always be avoided if possible.
    </para>
 
    <para>

doc/src/sgml/protocol.sgml

@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.73 2008/02/08 18:18:05 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.74 2008/10/28 12:10:42 mha Exp $ -->
 
 <chapter id="protocol">
  <title>Frontend/Backend Protocol</title>
@@ -295,19 +295,6 @@
       </listitem>
      </varlistentry>
 
-     <varlistentry>
-      <term>AuthenticationCryptPassword</term>
-      <listitem>
-       <para>
-        The frontend must now send a PasswordMessage containing the
-        password encrypted via crypt(3), using the 2-character salt
-        specified in the AuthenticationCryptPassword message.  If
-        this is the correct password, the server responds with an
-        AuthenticationOk, otherwise it responds with an ErrorResponse.
-       </para>
-      </listitem>
-     </varlistentry>
-
      <varlistentry>
       <term>AuthenticationMD5Password</term>
       <listitem>
@@ -1531,61 +1518,6 @@ AuthenticationCleartextPassword (B)
 </varlistentry>
 
 
-<varlistentry>
-<term>
-AuthenticationCryptPassword (B)
-</term>
-<listitem>
-<para>
-
-<variablelist>
-<varlistentry>
-<term>
-        Byte1('R')
-</term>
-<listitem>
-<para>
-                Identifies the message as an authentication request.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
-        Int32(10)
-</term>
-<listitem>
-<para>
-                Length of message contents in bytes, including self.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
-        Int32(4)
-</term>
-<listitem>
-<para>
-                Specifies that a crypt()-encrypted password is required.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
-        Byte2
-</term>
-<listitem>
-<para>
-                The salt to use when encrypting the password.
-</para>
-</listitem>
-</varlistentry>
-</variablelist>
-
-</para>
-</listitem>
-</varlistentry>
-
-
 <varlistentry>
 <term>
 AuthenticationMD5Password (B)

doc/src/sgml/user-manag.sgml

@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.40 2008/09/08 00:47:40 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.41 2008/10/28 12:10:42 mha Exp $ -->
 
 <chapter id="user-manag">
  <title>Database Roles and Privileges</title>
@@ -215,8 +215,8 @@ CREATE USER <replaceable>name</replaceable>;
        <para>
         A password is only significant if the client authentication
         method requires the user to supply a password when connecting
-        to the database. The <option>password</>,
-        <option>md5</>, and <option>crypt</> authentication methods
+        to the database. The <option>password</> and
+        <option>md5</> authentication methods
         make use of passwords. Database passwords are separate from
         operating system passwords. Specify a password upon role
         creation with <literal>CREATE ROLE