[unixODBC-support] Encrypted Password

Peter Lane peter at muffinspawn.com
Tue Aug 21 20:36:09 BST 2007


On Aug 21, 2007, at 9:34 AM, Nick Gorham wrote:

> Peter Lane wrote:
>
>> So you're saying that you don't explicitly tell the client to
>> encrypt, but that the server is queried and sends back a
>> requirement that passwords be encrypted? What if the server is
>> using SSL? Does it somehow automatically detect that as well
>> somehow? My experience with JDBC suggests that this must be
>> explicitly turned on in the client.
>>
> Well, that's what I think, at the end of the day it's a postgres not
> unixODBC thing, but I did my best to provide an answer.

I appreciate the help. I didn't mean to ask for postgres  
configuration help. I can do all of that. I thought turning on client  
encryption and SSL might have been implemented at the ODBC or  
unixODBC level. It sounds like this is all driver-specific  
functionality.

Anyway, once postgres is configured for md5 the driver is handling it  
just fine. SSL is still not working, though. Perhaps I need the  
driver that the PostgreSQL folks provide. Too bad it doesn't build on  
OS X. :-(

Thanks again,
Peter

> SSL is not what we are talking about, I would expect that a  
> different port is used for that,
>
> Looking at a pg_hba.conf file I have to hand
>
> # This file controls: which hosts are allowed to connect, how clients
> # are authenticated, which PostgreSQL user names they can use, which
> # databases they can access.  Records take one of these forms:
> #
> # local      DATABASE  USER  METHOD  [OPTION]
> # host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
> # hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
> # hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>
> ...
>
> # The first field is the connection type: "local" is a Unix-domain socket,
> # "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
> # SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
>
> ...
>
> # METHOD can be "trust", "reject", "md5", "crypt", "password",
> # "krb5", "ident", "pam" or "ldap".  Note that "password" sends passwords
> # in clear text; "md5" is preferred since it sends encrypted passwords.
>
> -- 
> Nick Gorham
> Easysoft Limited
> http://www.easysoft.com, http://www.unixODBC.org

------------------------------------------------------------------------
"To learn the sword, study the guitar. To learn the fist, study  
commerce. To only study the sword will make you narrow-minded and  
will keep you from growing outward." --Miyamoto Musashi
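
The pg_hba.conf record forms quoted above, as an added example that is not part of the original message and is not PostgreSQL or unixODBC code: a small Python audit that flags records where the "password" method can match a plain TCP socket, and "trust" records reachable over TCP. It handles only the CIDR-ADDRESS record forms shown in the quoted header; the function names and the SAMPLE records are constructed for illustration.

```python
# Added example: audit pg_hba.conf records for cleartext password exposure.
# Record forms and METHOD names follow the file header quoted in the thread.
TCP_TYPES = {"host", "hostssl", "hostnossl"}

def parse_hba(text):
    """Yield (lineno, conn_type, database, user, address, method) per record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        conn_type = fields[0]
        if conn_type == "local" and len(fields) >= 4:
            # local DATABASE USER METHOD [OPTION]
            yield lineno, conn_type, fields[1], fields[2], None, fields[3]
        elif conn_type in TCP_TYPES and len(fields) >= 5:
            # host* DATABASE USER CIDR-ADDRESS METHOD [OPTION]
            yield lineno, conn_type, fields[1], fields[2], fields[3], fields[4]
        else:
            raise ValueError(f"line {lineno}: unrecognised record: {raw!r}")

def audit(text):
    """Return (lineno, message) for records that weaken password protection."""
    findings = []
    for lineno, conn_type, _db, _user, addr, method in parse_hba(text):
        if method == "trust" and conn_type != "local":
            findings.append((lineno, f"'trust' over TCP from {addr}: no authentication"))
        elif method == "password" and conn_type in ("host", "hostnossl"):
            # "host" matches plain or SSL sockets, so cleartext may cross the wire
            findings.append((lineno, f"'password' on {conn_type} from {addr}: "
                                     "password may be sent in clear text on a plain socket"))
    return findings

# Constructed sample records (not taken from the thread).
SAMPLE = """\
# TYPE     DATABASE  USER  CIDR-ADDRESS     METHOD
local      all       all                    ident
host       all       all   127.0.0.1/32     md5
host       app       app   10.0.0.0/8       password
hostssl    app       app   192.0.2.0/24     password
hostnossl  all       all   198.51.100.0/24  trust
"""

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"pg_hba.conf:{lineno}: {message}")
```

The "password" record on "hostssl" is not flagged because that connection type only matches SSL-encrypted sockets.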


