| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | gss+pg(at)cs(dot)brown(dot)edu |
| Cc: | PostgreSQL general mailing list <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: passwords and 7.3 |
| Date: | 2003-01-26 02:09:51 |
| Message-ID: | 200301260209.h0Q29pN23647@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Gregory Seidman wrote:
> Tom Lane sez:
> } Gregory Seidman <gss+pg(at)cs(dot)brown(dot)edu> writes:
> } > Tom Lane sez:
> } > } Secondary password files aren't supported anymore as of 7.3. If that's
> } > } not in the release notes, it's a serious oversight :-(
> }
> } > It certainly isn't mentioned in README or INSTALL. Anyhow, how do I take
> } > the existing external password file (which has encrypted passwords) and
> } > put it into the DB?
> }
> } I'm afraid you don't. The encryption method that was used in external
> } files was crypt(3), which we're migrating away from for various reasons,
> } chiefly lack of cross-platform portability. The encryption method
> } that's now supported in pg_shadow entries is MD5.
> }
> } I'd counsel issuing temporary new passwords to all your users and
> } advising them to change them to something of their own choice...
>
> Hmph. I'm not thrilled that the upgrade path here is a dead end. Since
> this particular installation is my own private install, I can (and have)
> put the passwords in plaintext in the pg_shadow table. In the general
> case, however, this disenfranchises anyone relying on the external
> password file to support external users.
>
> Incidentally, how do I make an md5 password? I assume the authentication
> method in pg_hba.conf has to be set to md5, but how do I encrypt the
> password to put in the passwd field in pg_shadow? Am I expected to have
> an md5 app on my system somewhere (I don't)? Is there a tool installed
> with postgresql (I don't see such a thing)?
It isn't mentioned in the MIGRATION section (bad), but is mentioned as
change in the HISTORY file:
Remove secondary password file capability and pg_password utility
(Bruce)
We honestly didn't think anyone was using that secondary password file
anymore. You are the first to report the problem.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2003-01-26 02:11:54 | Re: passwords and 7.3 |
| Previous Message | Bruce Momjian | 2003-01-26 01:58:50 | Re: reference to system table |