postgres

History

Magnus Hagander 3fb50a7288 Convert cvsignore to gitignore, and add .gitignore for build targets.		15 years ago
..
.gitignore	Convert cvsignore to gitignore, and add .gitignore for build targets.	15 years ago
Makefile	PGXS should be set with := not =, as specified in the documentation,	20 years ago
README.chkpass	Document that chkpass ignores password characters after the eighth.	20 years ago
chkpass.c	Standard pgindent run for 8.1.	20 years ago
chkpass.sql.in	Make sure contrib C functions are marked strict where needed.	21 years ago

README.chkpass

$PostgreSQL: pgsql/contrib/chkpass/README.chkpass,v 1.3 2005/09/23 15:05:04 tgl Exp $

Chkpass is a password type that is automatically checked and converted upon
entry.  It is stored encrypted.  To compare, simply compare agains a clear
text password and the comparison function will encrypt it before comparing.
It also returns an error if the code determines that the password is easily
crackable.  This is currently a stub that does nothing.

I haven't worried about making this type indexable.  I doubt that anyone
would ever need to sort a file in order of encrypted password.

If you precede the string with a colon, the encryption and checking are
skipped so that you can enter existing passwords into the field.

On output, a colon is prepended.  This makes it possible to dump and reload
passwords without re-encrypting them.  If you want the password (encrypted)
without the colon then use the raw() function.  This allows you to use the
type with things like Apache's Auth_PostgreSQL module.

The encryption uses the standard Unix function crypt(), and so it suffers
from all the usual limitations of that function; notably that only the
first eight characters of a password are considered.

D'Arcy J.M. Cain
darcy@druid.net