| From: | Ron Peterson <ron(dot)peterson(at)yellowbank(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: create user, user exists |
| Date: | 2001-03-17 17:14:58 |
| Message-ID: | 3AB39B92.8DA4A574@yellowbank.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Tom Lane wrote:
>
> Ron Peterson <ron(dot)peterson(at)yellowbank(dot)com> writes:
> > I'm having a bit of authentication trouble. I'm trying to use 'crypt'
> > authentication. PostgreSQL 7.1beta5. My pg_hba.conf is as follows:
>
> IIRC, you can't use crypt with a flat password file, you have to use
> plain passwd authentication. (On a local connection there's not much
> point in crypt anyway...)
>
> BTW, it may help to look in the postmaster log; for many authentication
> failures, the error message sent to the client is deliberately not
> telling all. The message recorded in the log may have additional
> details.
I misunderstood the difference between 'crypt' and 'password'. I
thought they both did a flat password file, and 'crypt' crypted the
passwords, and 'password' didn't. Instead, 'crypt' encrypts passwords
sent over the wire, and 'password' authenticates against a flat
(crypted) password file, rather than pg_shadow.
So local+crypt doesn't make a lot of sense, obviously.
So now I'm trying to decide whether I want to use 'password' or
pg_shadow for user authentication. Using 'password' seems like a broad
(and easily managed) brush, while using groups would give me a finer
degree of control over permission settings. I'm using ssl for my remote
connections, so the whole 'crypt' thing is irrelevant.
-Ron-
GPG and other info at: http://www.yellowbank.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Patrick Welche | 2001-03-17 17:33:51 | Re: Re: URL for gmake |
| Previous Message | Bruce Momjian | 2001-03-17 15:58:30 | Re: [GENERAL] Re: New PostgreSQL session monitor |