postgresql/contrib/chkpass
Neil Conway a323ede280 Fix a few places that were checking for the return value of palloc() to be
non-NULL: palloc() ereports on OOM, so we can safely assume it returns a
valid pointer.
2006-03-19 22:22:56 +00:00
..
chkpass.c Fix a few places that were checking for the return value of palloc() to be 2006-03-19 22:22:56 +00:00
chkpass.sql.in Make sure contrib C functions are marked strict where needed. 2005-01-29 22:35:02 +00:00
Makefile contrib uninstall scripts 2006-02-27 12:54:39 +00:00
README.chkpass Document that chkpass ignores password characters after the eighth. 2005-09-23 15:05:04 +00:00
uninstall_chkpass.sql Fix a number of syntax errors in contrib modules' uninstall scripts. 2006-03-13 18:04:58 +00:00

$PostgreSQL: pgsql/contrib/chkpass/README.chkpass,v 1.3 2005/09/23 15:05:04 tgl Exp $

Chkpass is a password type that is automatically checked and converted upon
entry.  It is stored encrypted.  To compare, simply compare agains a clear
text password and the comparison function will encrypt it before comparing.
It also returns an error if the code determines that the password is easily
crackable.  This is currently a stub that does nothing.

I haven't worried about making this type indexable.  I doubt that anyone
would ever need to sort a file in order of encrypted password.

If you precede the string with a colon, the encryption and checking are
skipped so that you can enter existing passwords into the field.

On output, a colon is prepended.  This makes it possible to dump and reload
passwords without re-encrypting them.  If you want the password (encrypted)
without the colon then use the raw() function.  This allows you to use the
type with things like Apache's Auth_PostgreSQL module.

The encryption uses the standard Unix function crypt(), and so it suffers
from all the usual limitations of that function; notably that only the
first eight characters of a password are considered.

D'Arcy J.M. Cain
darcy@druid.net