[Pgpool-hackers] [patch] add a username option to pg_md5 in md5auth mode

Nicolas Thauvin nicolas.thauvin at dalibo.com
Thu Jun 9 21:08:27 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I have found that pg_md5 in md5auth mode can only create a pool_passwd
entry for the unix user running it.  You cannot just edit the username
in pool_passwd afterwards since the hash is created as
md5(PasswordUsername) in PostgreSQL.  Thus the possible ways to add
valid accounts to pool_passwd are :

- - get the hash from pg_shadow (only works if the passwords are encrypted
in the database)
- - create the hash from PasswordUsername with pg_md5 without -m then edit
pool_passwd
- - have a unix account for each user in PostgreSQL (!)

Thus the attached patch (against HEAD rev 1.11) add a --username (or -u)
to pg_md5 to let the administrator create pool_passwd for any role more
easily.  It falls back to the current username when the -u argument is
empty or the option is note given and has no effect when -m is not
specified.  The patch also adds the option to the English documentation,
since I don't know Japanese, I could not update the Japanese version :)


Also, the patch use MAX_INPUT_SIZE for the username buffer, it is
currently 32 bytes, which is quite small for both username and password.
 I think it could be changed to 64 at least, 128 would be best. What do
you think?

Regards,
- -- 
Nicolas Thauvin
DBA
http://www.dalibo.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJN8TZLAAoJEDa2VZzWZKpNYkcQAJQ/biMWeAKFEcyPRPV59wQK
Tc+0CKi9f626BzA2f13PYSt84xwQHabrBwjpquRmfMleFfsgGHqV2JTxgY3Xsf3c
PmGLp9gLDZaLYp7zZEED35oQ8meSAMpTT1o5PFvCDrp5oZCSymUy6RoGRfjbQ4w/
JEjhdsO+3dJ/D9UX3C5et2R9KLk6J7xSF03RfKlR72yZNDOmSvaJcn+3IHr/rBGE
SNcNkv76cp2PwCc66q5XH2Qo2HEttXNKbjCmSCgTKwgdJS9IroZsQ+JvJqY6TdBl
JwuTtzNGMii1eryJRu6bMacvvBHxGz12W82+uekmW69ivYT2QMDUDpayGVbcWA0q
E28DvbU1JAPKBwlSt+rPERw1dSL8xhUTxMdE22mfL9wG6CcbJ6lEzUaRqzLviWeJ
I2Oy+Ycicj+jCLK4j8JX7TWFPh2qYJFmCOY2LhYVRQFz08oBXeNXRS7OUVJS6fSX
P9OQRsF0Kq9ChQeGbtrXL8uZZT9GhFzU+0FGV3jDF/R4pQuUvKCz+qSBEh52X0sR
eGww6DRsoBz3kzRCcbegJI4GBChzvLozNQ65/0YxA06XJ1dmKfP3zyIY/2VNEUpD
R61HK+qpzoTOjj4IbZBNqt/R3rOxC4F+luV0Zr2cMf0b6aABHxVyzlTyzBOe4tAp
doCVgRYIBvNKOpkvJI3O
=jEdW
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pg_md5_username.patch
Type: text/x-patch
Size: 5057 bytes
Desc: not available
URL: <http://pgfoundry.org/pipermail/pgpool-hackers/attachments/20110609/a398f97a/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pg_md5_username.patch.sig
Type: application/octet-stream
Size: 543 bytes
Desc: not available
URL: <http://pgfoundry.org/pipermail/pgpool-hackers/attachments/20110609/a398f97a/attachment.obj>

More information about the Pgpool-hackers mailing list