[Pkg-postgresql-public] Bug#779683: Bug#779683: postgresql: pg_hba scripts (mis)configures for MD5 authentication
Stephen Frost
sfrost at snowman.net
Thu Mar 5 16:53:47 UTC 2015
* Michael Samuel (mik at miknet.net) wrote:
> I think the direction upstream is going with SCRAM (or similar) is
> fine, but either new hashes are required or using a customized code
> base that uses MD5(password|username) where the password would
> normally be directly input is needed.
For my 2c, I'm hopeful we can use the recommended storage approach
instead of keeping the current hashes (except as needed during the
transistion, of course).
> I don't have time to write any code, but I'm happy to review schemes
> and code (and probably will at some point anyway).
Thanks, I'll keep that in mind.
Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20150305/e865c9ec/attachment-0001.sig>
More information about the Pkg-postgresql-public
mailing list