From: | "Dave" <dave(at)hawk-systems(dot)com> |
---|---|
To: | "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>, "PostgreSQL-general" <pgsql-general(at)postgreSQL(dot)org> |
Subject: | Re: pg_hba.conf and secondary password file |
Date: | 2002-03-17 02:40:12 |
Message-ID: | DBEIKNMKGOBGNDHAAKGNKEJJNDAA.dave@hawk-systems.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Could you have multiple such references?
for example,
one entry/file with the postgres user only listed in it which enables trust for
the postgres user without password challenge
second entry/file with local users who are allowed with password
Final goal for us listed in next post.
Dave
>-----Original Message-----
>From: pgsql-general-owner(at)postgresql(dot)org
>[mailto:pgsql-general-owner(at)postgresql(dot)org]On Behalf Of Bruce Momjian
>Sent: Friday, March 15, 2002 7:53 PM
>To: PostgreSQL-general
>Subject: [GENERAL] pg_hba.conf and secondary password file
>
>
>Right now, we support a secondary password file reference in
>pg_hba.conf.
>
>If the file contains only usernames, we assume that it is the list of
>valid usernames for the connection. If it contains usernames and
>passwords, like /etc/passwd, we assume these are the passwords to be
>used for the connection. Such connections must pass the unencrypted
>passwords over the wire so they can be matched against the file;
>'password' encryption in pg_hba.conf.
>
>Is it worth keeping this password capability in 7.3? It requires
>'password' in pg_hba.conf, which is not secure, and I am not sure how
>many OS's still use crypt in /etc/passwd anyway. Removing the feature
>would clear up pg_hba.conf options a little.
>
>The ability to specify usernames in pg_hba.conf or in a secondary file
>is being added to pg_hba.conf anyway, so it is really only the password
>part that we have to decide to keep or remove.
>
>--
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
> + If your life is a hard drive, | 830 Blythe Avenue
> + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
>
>---------------------------(end of broadcast)---------------------------
>TIP 3: if posting/reading through Usenet, please send an appropriate
>subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
>message can get through to the mailing list cleanly
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Francisco Reyes | 2002-03-17 02:43:24 | Maintainer(s) for gborg? |
Previous Message | Miguel Omar Carvajal | 2002-03-17 01:54:54 | update cursor |