Jorge Godoy wrote:
Shane Ambler <pgsql@xxxxxxxxxxxxxxxx> writes:
What Dev would want to look for (probably create) is a small script that will
read his list of crypt passwords and un-crypt them into a create role string
that is fed to psql.
Except that the hash used is unidirectional, i.e., there's no way to decrypt
it besides a brute force attack or something like that.
If he's got, e.g., 10 users with strong passwords this kind of thing can take
some weeks.
crypt may be a custom function (or what Dev calls something else
altogether) which is one way and complex - that info wasn't given.
The only crypt I know of is the crypt command (FreeBSD has it at
/usr/bin/crypt) and is also known as enigma. This is a two way
encryption and is fast.
If that is what he is using then decrypting will not be part of the time
issue and is the basis of the advice I gave.
According to time - decrypting a 3K file takes about .002 seconds
If a strong one way encryption has been used then he is out of luck and
will need the users to re-enter their passwords after the accounts are
created with another password of some sort.
Which is also another option for him even if he can decrypt what is
currently stored.
--
Shane Ambler
Postgres@xxxxxxxxxxxxxxxx
Get Sheeky @ http://Sheeky.Biz
