On 06/11/2009, at 8:48, Raimon Fernandez wrote:
I'm blocked .......
On 06/11/2009, at 6:27, John DeSoi wrote:
On Nov 5, 2009, at 12:35 PM, Raimon Fernandez wrote:
at least, my first md5 (psw+user) is the same as the pg_shadow
(wihtout the 'md5') ...
should I md5 the first md5 as I get it as string (like username)
or byte by byte ?
As far as I know, a string. But it is unclear to me what happens
when the user or database name has non-ascii characters. The client
encoding is not established until after authentication.
I asked about that a while ago but did not get any responses.
After reading all the emails about it, I'm blocked, maybe someone
can see where the error is and shade some light on it ...
user: postgres (test values)
psw:postgres (test values)
first md5("postgrepostgres") ==> 44965A835F81EC252D83961D2CC9F3E1
salt: A6B76060
second md5("44965A835F81EC252D83961D2CC9F3E1"+"A6B76060") ==>
34F74BEF877202D4399092F97EFE8712
send to server: header + length +
"md5"+"34F74BEF877202D4399092F97EFE8712" ==> Fatal error, password
Authentication failed for user postgres ...
I've created a tcpdump with all information:
server =>
52 (R)
00 00 00 0C (12 length)
00 00 00 05 (5 => md5)
C8 C3 57 17 (token)
psql sends =>
70 00 00 00 28 6D 64 35 33 38 38 35 30 37 37 39 31 39 64 38 30 63 39
35 62 33 32 34 65 39 63 36 38 65 39 64 37 66 64 63 00 => binary
p���(md53885077919d80c95b324e9c68e9d7fdc� => string
user: postgres
psw: postgre
I can't create an identical HASH with those values, because:
the first md5 is easy: 44965a835f81ec252d83961d2cc9f3e1c8c35717
Now we have to MD5 this one with the token:
1. 44965a835f81ec252d83961d2cc9f3e1c8c35717C8C35717 (uppercase and
lowercase)
2. 44965a835f81ec252d83961d2cc9f3e1c8c35717c8c35717 (lowercase)
3. 44965a835f81ec252d83961d2cc9f3e1c8c35717 + &HC8 + &HC3 + &H57 + &H17
4. ??????????
wich one is the correct ?
thanks,
regards,
raimon
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
