From: Bruce Momjian Date: Fri, 14 Oct 2011 00:48:50 +0000 (-0400) Subject: Document actual string that has to be returned by the client for MD5 X-Git-Tag: REL9_2_BETA1~976 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ad30d366424aee9736f7a71be87e6941d7dd12df;p=postgresql Document actual string that has to be returned by the client for MD5 authentication. Report and pseudo code by Cyan Ogilvie --- diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml index 19c9686fff..4fda518970 100644 --- a/doc/src/sgml/protocol.sgml +++ b/doc/src/sgml/protocol.sgml @@ -293,10 +293,15 @@ The frontend must now send a PasswordMessage containing the - password encrypted via MD5, using the 4-character salt - specified in the AuthenticationMD5Password message. If - this is the correct password, the server responds with an - AuthenticationOk, otherwise it responds with an ErrorResponse. + password (with username) encrypted via MD5, then encrypted + again using the 4-byte random salt specified in the + AuthenticationMD5Password message. If this is the correct + password, the server responds with an AuthenticationOk, + otherwise it responds with an ErrorResponse. The actual + PasswordMessage can be computed in SQL as concat('md5', + md5(concat(md5(concat(password, username)), random-salt))). + (Keep in mind the md5() function returns its + result as a hex string.)
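Review bot: In the added lines of the protocol.sgml hunk, "encrypted via MD5, then encrypted again using the 4-byte random salt" describes hashing as encryption. MD5 is a one-way digest, so "hashed ... then hashed again" would be accurate and would not suggest the server can recover the password from the message. The SQL formula in the same hunk, `md5(concat(md5(concat(password, username)), random-salt))`, passes the salt to concat() as if it were text, but the paragraph itself calls it a 4-byte random value. It would help to say explicitly that the four raw salt bytes are appended to the hex string of the inner digest before the second md5(), since arbitrary bytes cannot always be written as a text literal. `random-salt` is also not a valid SQL identifier as written (it parses as a subtraction), so consider a placeholder such as `salt`, or mark the expression as pseudo code, which is how the commit message describes the report. The parenthetical about md5() returning a hex string is the key detail for client implementers and could move next to the formula rather than trail it.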