[Pgpool-hackers] [patch] add a username option to pg_md5 in md5auth mode
Tatsuo Ishii
ishii at sraoss.co.jp
Sun Jun 12 09:40:22 UTC 2011
> Nicolas,
>
> Thanks for your patches. This is actually what I wanted to do with
> 3.1. Great!
>
>> I have found that pg_md5 in md5auth mode can only create a pool_passwd
>> entry for the unix user running it. You cannot just edit the username
>> in pool_passwd afterwards since the hash is created as
>> md5(PasswordUsername) in PostgreSQL. Thus the possible ways to add
>> valid accounts to pool_passwd are :
>>
>> - - get the hash from pg_shadow (only works if the passwords are encrypted
>> in the database)
>> - - create the hash from PasswordUsername with pg_md5 without -m then edit
>> pool_passwd
>> - - have a unix account for each user in PostgreSQL (!)
>>
>> Thus the attached patch (against HEAD rev 1.11) add a --username (or -u)
>> to pg_md5 to let the administrator create pool_passwd for any role more
>> easily. It falls back to the current username when the -u argument is
>> empty or the option is note given and has no effect when -m is not
>> specified. The patch also adds the option to the English documentation,
>> since I don't know Japanese, I could not update the Japanese version :)
>>
>>
>> Also, the patch use MAX_INPUT_SIZE for the username buffer, it is
>> currently 32 bytes, which is quite small for both username and password.
>> I think it could be changed to 64 at least, 128 would be best. What do
>> you think?
>
> 128 is fine for me too. I will modify the part and apply your patches.
Done.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
More information about the Pgpool-hackers
mailing list