From: Phil Thompson <phil@river-bank.demon.co.uk>

I've completed the patch to fix the protocol and authentication issues I
was discussing a couple of weeks ago.  The particular changes are:

- the protocol has a version number
- network byte order is used throughout
- the pg_hba.conf file is used to specify what method is used to
  authenticate a frontend (either password, ident, trust, reject, krb4
  or krb5)
- support for multiplexed backends is removed
- appropriate changes to man pages
- the -a switch to many programs to specify an authentication service
  no longer has any effect
- the libpq.so version number has changed to 1.1

The new backend still supports the old protocol so old interfaces won't
break.

Author: scrappy

src/backend/libpq/auth.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/Attic/be-dumpdata.c,v 1.9 1997/09/12 04:07:50 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/Attic/be-dumpdata.c,v 1.10 1998/01/26 01:41:05 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -34,7 +34,7 @@
 #include <postgres.h>
 
 #include <lib/dllist.h>
-#include <libpq/libpq-be.h>
+#include <libpq/libpq.h>
 #include <access/heapam.h>
 #include <access/htup.h>
 #include <storage/buf.h>

src/backend/libpq/be-dumpdata.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/Attic/be-pqexec.c,v 1.13 1998/01/07 21:03:16 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/Attic/be-pqexec.c,v 1.14 1998/01/26 01:41:06 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -27,7 +27,7 @@
 #include <tcop/fastpath.h>
 #include <tcop/tcopprot.h>
 #include <lib/dllist.h>
-#include <libpq/libpq-be.h>
+#include <libpq/libpq.h>
 #include <fmgr.h>
 #include <utils/exc.h>
 #include <utils/builtins.h>

src/backend/libpq/be-pqexec.c

@@ -17,16 +17,17 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
 
 #include "postgres.h"
 #include "miscadmin.h"
 #include "utils/nabstime.h"
 #include "storage/fd.h"
 #include "libpq/crypt.h"
 
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+
 char**     pwd_cache = NULL;
 int        pwd_cache_count = 0;
 
@@ -219,6 +220,7 @@ int crypt_getloginfo(const char* user, char** passwd, char** valuntil) {
 
 /*-------------------------------------------------------------------------*/
 
+#ifdef 0
 MsgType crypt_salt(const char* user) {
 
   char*     passwd;
@@ -237,6 +239,7 @@ MsgType crypt_salt(const char* user) {
   if (valuntil) free((void*)valuntil);
   return STARTUP_SALT_MSG;
 }
+#endif
 
 /*-------------------------------------------------------------------------*/
 
@@ -258,7 +261,13 @@ int crypt_verify(Port* port, const char* user, const char* pgpass) {
     return STATUS_ERROR;
   }
 
-  crypt_pwd = crypt(passwd, port->salt);
+  /*
+   * Compare with the encrypted or plain password depending on the
+   * authentication method being used for this connection.
+   */
+
+  crypt_pwd = (port->auth_method == uaCrypt ? crypt(passwd, port->salt) : passwd);
+
   if (!strcmp(pgpass, crypt_pwd)) {
     /* check here to be sure we are not past valuntil
      */