<listitem>
<para>
The frontend must now send a PasswordMessage containing the
- password encrypted via MD5, using the 4-character salt
- specified in the AuthenticationMD5Password message. If
- this is the correct password, the server responds with an
- AuthenticationOk, otherwise it responds with an ErrorResponse.
+ password (with username) encrypted via MD5, then encrypted
+ again using the 4-byte random salt specified in the
+ AuthenticationMD5Password message. If this is the correct
+ password, the server responds with an AuthenticationOk,
+ otherwise it responds with an ErrorResponse. The actual
+ PasswordMessage can be computed in SQL as <literal>concat('md5',
+ md5(concat(md5(concat(password, username)), random-salt)))</>.
+ (Keep in mind the <function>md5()</> function returns its
+ result as a hex string.)
</para>
</listitem>
</varlistentry>
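Review bot: The added wording "encrypted via MD5, then encrypted again using the 4-byte random salt" calls a hash "encryption" and does not say how the salt enters the second step. Only the SQL expression shows that the salt is appended to the hex output of the first md5() before hashing again. Suggest "hashed" in both places, and state the order in prose (password followed by user name, then the hex digest followed by the salt), so the text and the formula agree without the reader having to decode the nested concat() calls. Two smaller points on the formula: random-salt sits inside <literal> as if it were an identifier, so it should be marked as a placeholder, and the text should say whether the 4 salt bytes are appended as raw bytes, since the parenthetical only covers the hex-string output of md5().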