Use MD5 for wire protocol encryption for >= 7.2 client/server.

Allow pg_shadow to be MD5 encrypted.
Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user.
Add password_encryption postgresql.conf option.
Update wire protocol version to 2.1.

Author: bmomjian

doc/src/sgml/client-auth.sgml

@@ -1,4 +1,4 @@
-<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.15 2001/08/01 23:25:39 tgl Exp $ -->
+<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.16 2001/08/15 18:42:14 momjian Exp $ -->
 
 <chapter id="client-authentication">
  <title>Client Authentication</title>
@@ -205,11 +205,10 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
          <para>
           Like the <literal>password</literal> method, but the password
           is sent over the wire encrypted using a simple
-          challenge-response protocol. This is still not
-          cryptographically secure but it protects against incidental
+          challenge-response protocol. This protects against incidental
           wire-sniffing. The name of a file may follow the
-          <literal>crypt</literal> keyword that contains a list of users
-          that this record pertains to.
+          <literal>crypt</literal> keyword.  It contains a list of users
+          for this record.
          </para>
         </listitem>
        </varlistentry>

doc/src/sgml/protocol.sgml

@@ -1,4 +1,4 @@
-<!-- $Header: /cvsroot/pgsql/doc/src/sgml/protocol.sgml,v 1.18 2001/06/22 23:27:48 petere Exp $ -->
+<!-- $Header: /cvsroot/pgsql/doc/src/sgml/protocol.sgml,v 1.19 2001/08/15 18:42:14 momjian Exp $ -->
 
 <chapter id="protocol">
  <title>Frontend/Backend Protocol</title>
@@ -1295,7 +1295,7 @@ EncryptedPasswordPacket (F)
 </Term>
 <ListItem>
 <Para>
-                The encrypted (using crypt()) password.
+                The encrypted (using MD5 or crypt()) password.
 </Para>
 </ListItem>
 </VarListEntry>

doc/src/sgml/ref/alter_user.sgml

@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.14 2001/07/10 22:09:27 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.15 2001/08/15 18:42:14 momjian Exp $
 Postgres documentation
 -->
 
@@ -27,7 +27,7 @@ ALTER USER <replaceable class="PARAMETER">username</replaceable> [ [ WITH ] <rep
 
 where <replaceable class="PARAMETER">option</replaceable> can be:
 
-	  PASSWORD '<replaceable class="PARAMETER">password</replaceable>' 
+	  [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>' 
         | CREATEDB | NOCREATEDB
         | CREATEUSER | NOCREATEUSER 
         | VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>'
@@ -53,10 +53,13 @@ where <replaceable class="PARAMETER">option</replaceable> can be:
      </varlistentry>
 
      <varlistentry>
-      <term><replaceable class="PARAMETER">password</replaceable></term>
+      <term><replaceable class="PARAMETER">[ encrypted | unencrypted ] password</replaceable></term>
       <listitem>
        <para>
 	The new password to be used for this account.
+	<literal>Encrypted</literal>/ <literal>unencrypted</literal>
+	controls whether the password is stored encrypted in the
+	database.
        </para>
       </listitem>
      </varlistentry>

doc/src/sgml/ref/create_user.sgml

@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.17 2001/07/10 22:09:27 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.18 2001/08/15 18:42:14 momjian Exp $
 Postgres documentation
 -->
 
@@ -28,7 +28,7 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable> [ [ WITH ] <re
 where <replaceable class="PARAMETER">option</replaceable> can be:
 
 	  SYSID <replaceable class="PARAMETER">uid</replaceable> 
-        | PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
+        | [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
         | CREATEDB | NOCREATEDB
         | CREATEUSER | NOCREATEUSER
         | IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...]
@@ -72,12 +72,19 @@ where <replaceable class="PARAMETER">option</replaceable> can be:
      </varlistentry>
 
      <varlistentry>
-      <term><replaceable class="parameter">password</replaceable></term>
+      <term><replaceable class="parameter">[ encrypted | unencrypted ] password</replaceable></term>
       <listitem>
        <para>
         Sets the user's password. If you do not plan to use password
         authentication you can omit this option, otherwise the user
         won't be able to connect to a password-authenticated server.
+	</para>
+	<para>
+	<literal>ENCRYPTED/UNENCRYPTED</literal> controls whether the
+	password is stored encrypted in the database. Older clients may
+	have trouble communicating using encrypted password storage.
+	</para>
+	<para>
         See the chapter on client authentication in the
 	<citetitle>Administrator's Guide</citetitle> for details on
         how to set up authentication mechanisms.

doc/src/sgml/runtime.sgml

@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.74 2001/08/09 16:20:43 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.75 2001/08/15 18:42:14 momjian Exp $
 -->
 
 <Chapter Id="runtime">
@@ -967,6 +967,18 @@ env PGOPTIONS='-c geqo=off' psql
 
    <para>
     <variablelist>
+     <varlistentry>
+      <term>AUSTRALIAN_TIMEZONES (<type>bool</type>)</term>
+      <listitem>
+       <para>
+        If set to true, <literal>CST</literal>, <literal>EST</literal>,
+        and <literal>SAT</literal> are interpreted as Australian
+        timezones rather than as North American Central/Eastern
+        Timezones and Saturday. The default is false.
+       </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry>
       <indexterm>
        <primary>deadlock</primary>
@@ -1260,18 +1272,6 @@ dynamic_library_path = '/usr/local/lib:/home/my_project/lib:$libdir:$libdir/cont
       </listitem>
      </varlistentry>
 
-     <varlistentry>
-      <term>AUSTRALIAN_TIMEZONES (<type>bool</type>)</term>
-      <listitem>
-       <para>
-        If set to true, <literal>CST</literal>, <literal>EST</literal>,
-        and <literal>SAT</literal> are interpreted as Australian
-        timezones rather than as North American Central/Eastern
-        Timezones and Saturday. The default is false.
-       </para>
-      </listitem>
-     </varlistentry>
-
      <varlistentry>
       <indexterm>
        <primary>SSL</primary>