[unixODBC-support] Encrypted Password

Peter Lane peter at muffinspawn.com
Tue Aug 21 23:58:42 BST 2007


Just so I don't mislead anybody, I just got the official ODBC driver  
for PostgreSQL 8.x to compile on OS X after messing with it a bit  
(had to add -lssl to the Makefile.am for starters). Using that driver  
enables SSL, so it's all good.

Peter

On Aug 21, 2007, at 1:36 PM, Peter Lane wrote:

>
> On Aug 21, 2007, at 9:34 AM, Nick Gorham wrote:
>
>> Peter Lane wrote:
>>
>>> So you're saying that you don't explicitly tell the client to   
>>> encrypt, but that the server is queried and sends back a  
>>> requirement  that passwords be encrypted? What if the server is  
>>> using SSL? Does it  somehow automatically detect that as well  
>>> somehow? My experience with  JDBC suggests that this must be  
>>> explicitly turned on in the client.
>>>
>> Well, thats what I think, at the end of the day its a postgres not  
>> unixODBC thing, but I did my best to provide a answer.
>
> I appreciate the help. I didn't mean to ask for postgres  
> configuration help. I can do all of that. I thought turning on  
> client encryption and SSL might have been implemented at the ODBC  
> or unixODBC level. It sounds like this is all driver-specific  
> functionality.
>
> Anyway, once postgres is configured for md5 the driver is handling  
> it just fine. SSL is still not working, though. Perhaps I need the  
> driver that the PostgreSQL folks provide. Too bad it doesn't build  
> on OS X. :-(
>
> Thanks again,
> Peter
>
>> SSL is not what we are talking about, I would expect that a  
>> different port is used for that,
>>
>> Looking at a pg_hba.conf file I have to hand
>>
>> # This file controls: which hosts are allowed to connect, how clients
>> # are authenticated, which PostgreSQL user names they can use, which
>> # databases they can access.  Records take one of these forms:
>> #
>> # local      DATABASE  USER  METHOD  [OPTION]
>> # host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>> # hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>> # hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>>
>> ...
>>
>> # The first field is the connection type: "local" is a Unix-domain  
>> socket,
>> # "host" is either a plain or SSL-encrypted TCP/IP socket,  
>> "hostssl" is an
>> # SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP  
>> socket.
>>
>> ...
>>
>> # METHOD can be "trust", "reject", "md5", "crypt", "password",
>> # "krb5", "ident", "pam" or "ldap".  Note that "password" sends  
>> passwords
>> # in clear text; "md5" is preferred since it sends encrypted  
>> passwords.
>>
>> -- 
>> Nick Gorham
>> Easysoft Limited
>> http://www.easysoft.com, http://www.unixODBC.org
>>
>> _______________________________________________
>> unixODBC-support mailing list
>> unixODBC-support at easysoft.com
>> http://mail.easysoft.com/mailman/listinfo/unixodbc-support
>
> ---------------------------------------------------------------------- 
> ----------------------
> "To learn the sword, study the guitar. To learn the fist, study  
> commerce. To only study the sword will make you narrow-minded and  
> will keep you from growing outward." --Miyamoto Musashi
>
>
>
> _______________________________________________
> unixODBC-support mailing list
> unixODBC-support at easysoft.com
> http://mail.easysoft.com/mailman/listinfo/unixodbc-support

------------------------------------------------------------------------ 
--------------------
"To learn the sword, study the guitar. To learn the fist, study  
commerce. To only study the sword will make you narrow-minded and  
will keep you from growing outward." --Miyamoto Musashi



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.unixodbc.org/pipermail/unixodbc-support/attachments/20070821/eeffccb9/attachment.html>


More information about the unixODBC-support mailing list