| From: | Ron Snyder <snyder(at)roguewave(dot)com> |
|---|---|
| To: | 'Bruce Momjian' <pgman(at)candle(dot)pha(dot)pa(dot)us>, Ron Snyder <snyder(at)roguewave(dot)com> |
| Cc: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>, Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Open 7.3 items |
| Date: | 2002-07-31 22:11:08 |
| Message-ID: | F888C30C3021D411B9DA00B0D0209BE803BB9CC5@cvo-exchange.cvo.roguewave.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> OK, how do secondary passwords work in pg_hba.conf. It requires
> clear-text 'password', right, because the password is already crypt-ed
> in the file.
I presume that you're referring to passwords being transmitted clear text?
> One idea I had was to look for a colon in the username, and if I see
> one, I assume everything after the colon is a password.
> Would that work
> for you?
It would as long as there was an assumption (or method to specify) that the
stuff after the colon is a crypt()ed password. Our method to generate the
password file is to 'ypcat passwd > /db/etc/password; cat
/db/etc/pg-only-passwords >> /db/etc/password'. We could very easily only
pull only the fields we care about from our yp passwd file.
I suppose I should also mention that we're not wedded to this method-- we've
just found it convenient. If we needed to script something else up to
connect to the databases and set passwords, we could do that too, it would
just be a bit more work.
-ron
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-07-31 22:46:17 | Re: Open 7.3 items |
| Previous Message | Peter Eisentraut | 2002-07-31 22:04:13 | Re: Open 7.3 items |