Index of /code/PostgreSQL/iddb

[ICO]  Name              Last modified      Size  Description

[DIR]  Parent Directory                     -
[   ]  LICENSE           25-Feb-2007 10:36  18K
[TXT]  README.html       25-Feb-2007 10:35  3.9K
[TXT]  demo.pl           25-Feb-2007 09:33  4.8K
[   ]  global.sql        25-Feb-2007 09:32  82
[TXT]  iddb_create.sh    25-Feb-2007 09:32  473
[   ]  iddb_create.sql   25-Feb-2007 09:56  20K
[TXT]  pam_authtok.c     25-Feb-2007 10:25  17K

README for y_mhash

iddb

This database shows why one might care about some of the other PostgreSQL data types and functions I've created. The most interesting bit is the account_insert view and its associated rules. Inserting a simple 'username, password' pair into the account_insert view triggers code that automatically calculates all manner of password hash values for that account. It also logs the previous account information to a log table.

The idea here is that until the world is blessed with a single authentication mechanism, which is likely never going to happen, we need to be able to maintain credentials in the potpourri of real-world systems we have to deal with. Some systems might need des3 crypts, some need simple md5 hashes, others require salted md5 hmac values, and so on. Doing the heavy lifting on the database side provides the usual advantages of using a database: it absolves the client interface du jour of having to think very much.

One direction I'd like to take this is to create the cryptographic primitives required to support Kerberos. Heimdal Kerberos can use LDAP as the storage backend, rather than the usual disk-based binary encoding. This would make it relatively straightforward to add Kerberos to the list of authentication mechanisms that could be supported by this system.

There is some included Perl code to illustrate one possible way to interface with the database. This is an ongoing project which does not yet have a stable interface, however.

I've written the skeleton code for hooking this all into PAM (pam_authtok.c), but I haven't completed the hookup yet.

Examples:

iddb=> INSERT INTO account_insert VALUES ( 'auser', 'abadpass' );
INSERT 0 1
iddb=> \x
Expanded display is on.
iddb=> select * from account;
username   | auser
created    | 2007-02-25 10:14:34.607277-05
crypt_des  | AFy5LaQF57Nx6
crypt_xdes | _J9..ozr2s8f7Jb2IFsw
crypt_md5  | $1$zx0tRBr3$xS1Is0uF0k.9R0AA1Fj9N.
crypt_bf   | $2a$06$okIlCfAwpheWUR/OHdHcduvdzI6RjJUHN.5bTRiulCKHhE/b/UY6u
pass_md5   | 9d91ec0eb153d60dd1e4d4d3d3b17ffc
pass_sha1  | 9e9c5ad83d613b44b6225e571f3e581c0645aef9
lanman     | 2BFF7D5CA5E383C593E28745B8BF4BA6
ntlm       | 891156A9FE45E7356E987411BD72EDFB
pass_enc   | \301\301N\003?b\027\300\262\237=\345\020\010\000\200\217T ...etc...


iddb=> INSERT INTO account_insert VALUES ( 'auser', 'bbadpass' );
INSERT 0 1
iddb=> select * from account_log;
username   | auser
created    | 2007-02-25 10:14:34.607277-05
updated    | 2007-02-25 10:20:18.601932-05
crypt_des  | AFy5LaQF57Nx6
crypt_xdes | _J9..ozr2s8f7Jb2IFsw
crypt_md5  | $1$zx0tRBr3$xS1Is0uF0k.9R0AA1Fj9N.
crypt_bf   | $2a$06$okIlCfAwpheWUR/OHdHcduvdzI6RjJUHN.5bTRiulCKHhE/b/UY6u
pass_md5   | 9d91ec0eb153d60dd1e4d4d3d3b17ffc
pass_sha1  | 9e9c5ad83d613b44b6225e571f3e581c0645aef9
lanman     | 2BFF7D5CA5E383C593E28745B8BF4BA6
ntlm       | 891156A9FE45E7356E987411BD72EDFB
pass_enc   | \301\301N\003?b\027\300\262\237=\345\020\010\000\200\217T ...etc...
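
One way the account_insert behaviour described in this README could be built with the stock pgcrypto extension, as an added example rather than the contents of iddb_create.sql. The table definitions and the rule name account_insert_rule are assumptions, and the lanman, ntlm and pass_enc columns are omitted because the page does not show the functions that produce them.

```sql
-- Added illustration, not the project's iddb_create.sql.
-- Assumes the pgcrypto extension. Column names follow the README output; the
-- definitions are assumptions. lanman, ntlm and pass_enc are left out because
-- the functions behind them are not shown on the page.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE account (
    username   text PRIMARY KEY,
    created    timestamptz NOT NULL DEFAULT now(),
    crypt_des  text, crypt_xdes text, crypt_md5 text, crypt_bf text,
    pass_md5   text, pass_sha1  text
);

CREATE TABLE account_log (
    username   text NOT NULL,
    created    timestamptz NOT NULL,
    updated    timestamptz NOT NULL DEFAULT now(),
    crypt_des  text, crypt_xdes text, crypt_md5 text, crypt_bf text,
    pass_md5   text, pass_sha1  text
);

-- Write-only entry point: two input columns, never returns a row.
CREATE VIEW account_insert AS
    SELECT NULL::text AS username, NULL::text AS password WHERE false;

CREATE RULE account_insert_rule AS ON INSERT TO account_insert DO INSTEAD (
    -- 1. Archive the current row for this user, if there is one.
    INSERT INTO account_log (username, created, crypt_des, crypt_xdes,
                             crypt_md5, crypt_bf, pass_md5, pass_sha1)
        SELECT a.username, a.created, a.crypt_des, a.crypt_xdes,
               a.crypt_md5, a.crypt_bf, a.pass_md5, a.pass_sha1
          FROM account a WHERE a.username = NEW.username;
    -- 2. Drop it so the insert below acts as a replace.
    DELETE FROM account WHERE account.username = NEW.username;
    -- 3. Derive every stored format from the one cleartext value.
    INSERT INTO account (username, crypt_des, crypt_xdes, crypt_md5,
                         crypt_bf, pass_md5, pass_sha1)
    VALUES (NEW.username,
            crypt(NEW.password, gen_salt('des')),    -- traditional DES crypt
            crypt(NEW.password, gen_salt('xdes')),   -- extended DES, "_" prefix
            crypt(NEW.password, gen_salt('md5')),    -- "$1$" MD5 crypt
            crypt(NEW.password, gen_salt('bf', 6)),  -- "$2a$06$" Blowfish crypt
            encode(digest(NEW.password, 'md5'),  'hex'),  -- unsalted digest
            encode(digest(NEW.password, 'sha1'), 'hex')   -- unsalted digest
    )
);
```

Every column is derived from the same password, so the weakest format kept (here the unsalted digests and DES crypt) bounds the protection of all of them; keep only the columns a consuming system actually needs. The cleartext also travels inside the INSERT statement, so it will appear in server logs if statement logging is enabled.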

More Yellowbank Code.


Last modified: Sun Feb 25 10:35:24 EST 2007