[unixODBC-support] Encrypted Password

Nick Gorham nick.gorham at easysoft.com
Tue Aug 21 16:34:39 BST 2007


Peter Lane wrote:

> So you're saying that you don't explicitly tell the client to  
> encrypt, but that the server is queried and sends back a requirement  
> that passwords be encrypted? What if the server is using SSL? Does it  
> somehow automatically detect that as well somehow? My experience with  
> JDBC suggests that this must be explicitly turned on in the client.
>
Well, thats what I think, at the end of the day its a postgres not 
unixODBC thing, but I did my best to provide a answer. SSL is not what 
we are talking about, I would expect that a different port is used for that,

Looking at a pg_hba.conf file I have to hand

# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access.  Records take one of these forms:
#
# local      DATABASE  USER  METHOD  [OPTION]
# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]

...

# The first field is the connection type: "local" is a Unix-domain socket,
# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.

...

# METHOD can be "trust", "reject", "md5", "crypt", "password",
# "krb5", "ident", "pam" or "ldap".  Note that "password" sends passwords
# in clear text; "md5" is preferred since it sends encrypted passwords.

-- 
Nick Gorham
Easysoft Limited
http://www.easysoft.com, http://www.unixODBC.org




More information about the unixODBC-support mailing list