在 PostgreSQL 中使用加密密码创建用户 [英] Creating user with encrypted password in PostgreSQL

问题描述

是否可以在不提供纯文本密码的情况下在 PostgreSQL 中创建用户(理想情况下，我希望能够创建一个仅提供使用 sha-256 加密的密码的用户)?

Is it possible to create a user in PostgreSQL without providing the plain text password (ideally, I would like to be able to create a user providing only its password crypted with sha-256) ?

我想做的是用类似的东西创建一个用户:

What I would like to do is to create a user with something like that :

CREATE USER "martin" WITH PASSWORD '$6$kH3l2bj8iT$KKrTAKDF4OoE7w.oy(...)BPwcTBN/V42hqE.';

有没有办法做到这一点?

Is there some way to do that ?

感谢您的帮助.

推荐答案

您可以提供已经用 md5 散列的密码，如文档中所述 (创建角色):

You may provide the password already hashed with md5, as said in the doc (CREATE ROLE):

ENCRYPTED UNENCRYPTED 这些关键字控制密码是否为加密存储在系统目录中.(如果两者都没有指定，则默认行为由配置参数决定password_encryption.) 如果提供的密码字符串已经在MD5 加密格式，然后按原样加密存储，无论是否指定了 ENCRYPTED 或 UNENCRYPTED(因为系统不能解密指定的加密密码字符串).这允许在转储/恢复期间重新加载加密密码.

ENCRYPTED UNENCRYPTED These key words control whether the password is stored encrypted in the system catalogs. (If neither is specified, the default behavior is determined by the configuration parameter password_encryption.) If the presented password string is already in MD5-encrypted format, then it is stored encrypted as-is, regardless of whether ENCRYPTED or UNENCRYPTED is specified (since the system cannot decrypt the specified encrypted password string). This allows reloading of encrypted passwords during dump/restore.

这里缺少的信息是 MD5 加密的字符串应该是与用户名连接的密码，加上开头的 md5.

The information that's missing here is that the MD5-encrypted string should be the password concatened with the username, plus md5 at the beginning.

因此例如使用密码 foobar 创建 u0，知道 md5('foobaru0') 是 ac4bbe016b808c3c0b816981f240dcae:

So for example to create u0 with the password foobar, knowing that md5('foobaru0') is ac4bbe016b808c3c0b816981f240dcae:

CREATE USER u0 PASSWORD 'md5ac4bbe016b808c3c0b816981f240dcae';

然后 u0 将能够通过输入 foobar 作为密码登录.

and then u0 will be able to log in by typing foobar as the password.

我认为目前没有一种方法可以使用 SHA-256 而不是 md5 作为 PostgreSQL 密码.

I don't think that there's currently a way to use SHA-256 instead of md5 for PostgreSQL passwords.

这篇关于在 PostgreSQL 中使用加密密码创建用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！