| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | PostgreSQL-general <pgsql-general(at)postgreSQL(dot)org> |
| Subject: | pg_hba.conf and secondary password file |
| Date: | 2002-03-16 00:53:08 |
| Message-ID: | 200203160053.g2G0r8s23621@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Right now, we support a secondary password file reference in
pg_hba.conf.
If the file contains only usernames, we assume that it is the list of
valid usernames for the connection. If it contains usernames and
passwords, like /etc/passwd, we assume these are the passwords to be
used for the connection. Such connections must pass the unencrypted
passwords over the wire so they can be matched against the file;
'password' encryption in pg_hba.conf.
Is it worth keeping this password capability in 7.3? It requires
'password' in pg_hba.conf, which is not secure, and I am not sure how
many OS's still use crypt in /etc/passwd anyway. Removing the feature
would clear up pg_hba.conf options a little.
The ability to specify usernames in pg_hba.conf or in a secondary file
is being added to pg_hba.conf anyway, so it is really only the password
part that we have to decide to keep or remove.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dmitry Tkach | 2002-03-16 01:50:56 | Re: Btree index extension question |
| Previous Message | Jeff Davis | 2002-03-16 00:45:21 | Re: How to catch NOTIFY messages with PHP |