The frontend must now send a PasswordMessage containing the
- password encrypted via MD5, using the 4-character salt
- specified in the AuthenticationMD5Password message. If
- this is the correct password, the server responds with an
- AuthenticationOk, otherwise it responds with an ErrorResponse.
+ password (with username) encrypted via MD5, then encrypted
+ again using the 4-byte random salt specified in the
+ AuthenticationMD5Password message. If this is the correct
+ password, the server responds with an AuthenticationOk,
+ otherwise it responds with an ErrorResponse. The actual
+ PasswordMessage can be computed in SQL as concat('md5',
+ md5(concat(md5(concat(password, username)), random-salt)))>.
+ (Keep in mind the md5()> function returns its
+ result as a hex string.)
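Review bot: The added prose at "password (with username) encrypted via MD5, then encrypted again" calls MD5 encryption, but it is a one-way hash, and the sentence leaves out the concatenation order that the SQL expression depends on. Suggest "hashed" in both places, and state in words that the password comes first and the username second, and that the salt is appended to the hex digest of that first hash. The closing parenthetical says only that md5() returns a hex string, so it would help to say outright that the hex text of the inner digest is what gets salted, and that the 'md5' prefix is literal text in front of the final hex digest. Separately, "random-salt)))>." and "md5()>" each end in a stray ">", which looks like a damaged closing tag and is worth checking in the markup.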