From 170b66a0c5ed7b1921fb6119f0668136fecc0a05 Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Thu, 20 Nov 2008 20:45:30 +0000 Subject: Issue a proper error message when MD5 is attempted when db_user_namespace is enabled. Also document this limitation. --- doc/src/sgml/client-auth.sgml | 4 +++- doc/src/sgml/config.sgml | 13 ++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index f10a93953e1..4a8aea4d3a9 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,4 +1,4 @@ - + Client Authentication @@ -712,6 +712,8 @@ omicron bryanh guest1 If you are at all concerned about password sniffing attacks then md5 is preferred. Plain password should always be avoided if possible. + md5 cannot be used with . diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 7931ea87377..dcb7c51b25a 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1,4 +1,4 @@ - + Server Configuration @@ -706,6 +706,17 @@ SET ENABLE_SEQSCAN TO OFF; before the user name is looked up by the server. + + db_user_namespace causes the client's and + server's user name representation to differ. + Authentication checks are always done with the server's user name + so authentication methods must be configured for the + server's user name, not the client's. Because + md5 uses the user name as salt on both the + client and server, md5 cannot be used with + db_user_namespace. + + This feature is intended as a temporary measure until a -- cgit v1.2.3