fix notes about password encryption in pg_authid docs

Started by Nathan Bossart, 7 months ago, 6 messages
#1 Nathan Bossart
nathandbossart@gmail.com

I noticed that the docs for the pg_authid catalog still indicate that
passwords might be stored "unencrypted," which hasn't been possible since
commit eb61136. The attached patch attempts to fix that. If acceptable,
I'd back-patch it to all supported versions.

--
nathan

#2 Nathan Bossart
nathandbossart@gmail.com
In reply to: Nathan Bossart (#1)
1 attachment(s)
Re: fix notes about password encryption in pg_authid docs

On Mon, Jun 02, 2025 at 09:16:10AM -0500, Nathan Bossart wrote:

I noticed that the docs for the pg_authid catalog still indicate that
passwords might be stored "unencrypted," which hasn't been possible since
commit eb61136. The attached patch attempts to fix that. If acceptable,
I'd back-patch it to all supported versions.

And now with a patch actually attached...

--
nathan

Attachments:

v1-0001-doc-Fix-notes-about-password-encryption-in-pg_aut.patch (text/plain; charset=us-ascii)
From 268dc1afbcb1195de6b9aa735d9e27449c2e8fd2 Mon Sep 17 00:00:00 2001
From: Nathan Bossart <nathan@postgresql.org>
Date: Mon, 2 Jun 2025 09:08:24 -0500
Subject: [PATCH v1 1/1] doc: Fix notes about password encryption in pg_authid.

---
 doc/src/sgml/catalogs.sgml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index cbd4e40a320..d53e7e39b59 100644
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -1582,7 +1582,7 @@
        <structfield>rolpassword</structfield> <type>text</type>
       </para>
       <para>
-       Password (possibly encrypted); null if none. The format depends
+       Encrypted password; null if none. The format depends
        on the form of encryption used.
       </para></entry>
      </row>
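Review bot: The "(possibly encrypted)" wording corrected in this `rolpassword` row is fixed only in catalogs.sgml, and the diffstat lists no other file. Search the rest of doc/src/sgml for the same phrase before committing; the `pg_shadow.passwd` description in system-views.sgml is one place that carries it, as pointed out later in this thread.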
@@ -1627,11 +1627,6 @@ SCRAM-SHA-256$<replaceable>&lt;iteration count&gt;</replaceable>:<replaceable>&l
    <replaceable>ServerKey</replaceable> are in Base64 encoded format. This format is
    the same as that specified by <ulink url="https://datatracker.ietf.org/doc/html/rfc5803">RFC 5803</ulink>.
   </para>
-
-  <para>
-    A password that does not follow either of those formats is assumed to be
-    unencrypted.
-  </para>
  </sect1>
 
 
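Review bot: With the "assumed to be unencrypted" paragraph deleted, the section ends at the RFC 5803 sentence and no longer says anything about a `rolpassword` value that matches neither documented format. If such a value can still be present in a catalog, a replacement sentence saying how it is treated would serve readers better than silence; if it cannot, say so in the commit message, which currently has a subject line and no body.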
-- 
2.39.5 (Apple Git-154)

#3 Michael Paquier
michael@paquier.xyz
In reply to: Nathan Bossart (#2)
Re: fix notes about password encryption in pg_authid docs

On Mon, Jun 02, 2025 at 09:21:39AM -0500, Nathan Bossart wrote:

On Mon, Jun 02, 2025 at 09:16:10AM -0500, Nathan Bossart wrote:

I noticed that the docs for the pg_authid catalog still indicate that
passwords might be stored "unencrypted," which hasn't been possible since
commit eb61136. The attached patch attempts to fix that. If acceptable,
I'd back-patch it to all supported versions.

Good point.

You are missing one reference in doc/src/sgml/system-views.sgml for
pg_shadow.passwd, no?
--
Michael

#4 Nathan Bossart
nathandbossart@gmail.com
In reply to: Michael Paquier (#3)
1 attachment(s)
Re: fix notes about password encryption in pg_authid docs

On Tue, Jun 03, 2025 at 01:43:15PM +0900, Michael Paquier wrote:

You are missing one reference in doc/src/sgml/system-views.sgml for
pg_shadow.passwd, no?

Yup. Here is an updated patch.

--
nathan

Attachments:

v2-0001-doc-Fix-notes-about-password-encryption-in-pg_aut.patch (text/plain; charset=us-ascii)
From 2d41fa2cff14b548905e2dfdd98b992976137e61 Mon Sep 17 00:00:00 2001
From: Nathan Bossart <nathan@postgresql.org>
Date: Mon, 2 Jun 2025 09:08:24 -0500
Subject: [PATCH v2 1/1] doc: Fix notes about password encryption in pg_authid.

---
 doc/src/sgml/catalogs.sgml     | 7 +------
 doc/src/sgml/system-views.sgml | 2 +-
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index cbd4e40a320..d53e7e39b59 100644
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -1582,7 +1582,7 @@
        <structfield>rolpassword</structfield> <type>text</type>
       </para>
       <para>
-       Password (possibly encrypted); null if none. The format depends
+       Encrypted password; null if none. The format depends
        on the form of encryption used.
       </para></entry>
      </row>
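Review bot: "Encrypted password" in the `rolpassword` row is consistent with the "form of encryption used" sentence kept below it, but the SCRAM-SHA-256 format shown further down stores an iteration count and a Base64 ServerKey, which is a derived verifier and not a ciphertext that can be decrypted. An optional short clause here stating that the stored value cannot be reversed to the original password would keep readers from taking "encrypted" literally.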
@@ -1627,11 +1627,6 @@ SCRAM-SHA-256$<replaceable>&lt;iteration count&gt;</replaceable>:<replaceable>&l
    <replaceable>ServerKey</replaceable> are in Base64 encoded format. This format is
    the same as that specified by <ulink url="https://datatracker.ietf.org/doc/html/rfc5803">RFC 5803</ulink>.
   </para>
-
-  <para>
-    A password that does not follow either of those formats is assumed to be
-    unencrypted.
-  </para>
  </sect1>
 
 
diff --git a/doc/src/sgml/system-views.sgml b/doc/src/sgml/system-views.sgml
index b58c52ea50f..986ae1f543d 100644
--- a/doc/src/sgml/system-views.sgml
+++ b/doc/src/sgml/system-views.sgml
@@ -3932,7 +3932,7 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
        <structfield>passwd</structfield> <type>text</type>
       </para>
       <para>
-       Password (possibly encrypted); null if none.  See
+       Encrypted password; null if none.  See
        <link linkend="catalog-pg-authid"><structname>pg_authid</structname></link>
        for details of how encrypted passwords are stored.
       </para></entry>
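Review bot: In the `passwd` row, the new "Encrypted password; null if none." makes the unchanged tail "for details of how encrypted passwords are stored" redundant, since there is no longer an unencrypted case to distinguish. Consider shortening that tail to "for details of how passwords are stored" so the two sentences do not repeat the qualifier.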
-- 
2.39.5 (Apple Git-154)

#5 Michael Paquier
michael@paquier.xyz
In reply to: Nathan Bossart (#4)
Re: fix notes about password encryption in pg_authid docs

On Tue, Jun 03, 2025 at 01:01:58PM -0500, Nathan Bossart wrote:

Yup. Here is an updated patch.

Looks fine to me.
--
Michael

#6 Nathan Bossart
nathandbossart@gmail.com
In reply to: Michael Paquier (#5)
Re: fix notes about password encryption in pg_authid docs

On Wed, Jun 04, 2025 at 02:11:55PM +0900, Michael Paquier wrote:

Looks fine to me.

Committed, thanks.

--
nathan