| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Dave <dave(at)hawk-systems(dot)com> |
| Cc: | PostgreSQL-general <pgsql-general(at)postgreSQL(dot)org> |
| Subject: | Re: pg_hba.conf and secondary password file |
| Date: | 2002-03-17 03:38:59 |
| Message-ID: | 200203170338.g2H3cxH23839@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
I don't quite understand the question, but you can have multiple
usernames listed or in the file, and you can have multiple lines in
pg_hba.conf.
---------------------------------------------------------------------------
Dave wrote:
> Could you have multiple such references?
>
> for example,
> one entry/file with the postgres user only listed in it which enables trust for
> the postgres user without password challenge
> second entry/file with local users who are allowed with password
>
> Final goal for us listed in next post.
>
> Dave
>
> >-----Original Message-----
> >From: pgsql-general-owner(at)postgresql(dot)org
> >[mailto:pgsql-general-owner(at)postgresql(dot)org]On Behalf Of Bruce Momjian
> >Sent: Friday, March 15, 2002 7:53 PM
> >To: PostgreSQL-general
> >Subject: [GENERAL] pg_hba.conf and secondary password file
> >
> >
> >Right now, we support a secondary password file reference in
> >pg_hba.conf.
> >
> >If the file contains only usernames, we assume that it is the list of
> >valid usernames for the connection. If it contains usernames and
> >passwords, like /etc/passwd, we assume these are the passwords to be
> >used for the connection. Such connections must pass the unencrypted
> >passwords over the wire so they can be matched against the file;
> >'password' encryption in pg_hba.conf.
> >
> >Is it worth keeping this password capability in 7.3? It requires
> >'password' in pg_hba.conf, which is not secure, and I am not sure how
> >many OS's still use crypt in /etc/passwd anyway. Removing the feature
> >would clear up pg_hba.conf options a little.
> >
> >The ability to specify usernames in pg_hba.conf or in a secondary file
> >is being added to pg_hba.conf anyway, so it is really only the password
> >part that we have to decide to keep or remove.
> >
> >--
> > Bruce Momjian | http://candle.pha.pa.us
> > pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
> > + If your life is a hard drive, | 830 Blythe Avenue
> > + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
> >
> >---------------------------(end of broadcast)---------------------------
> >TIP 3: if posting/reading through Usenet, please send an appropriate
> >subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> >message can get through to the mailing list cleanly
> >
> >
>
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Seth Northrop | 2002-03-17 04:10:46 | OO Data |
| Previous Message | Francisco Reyes | 2002-03-17 02:43:24 | Maintainer(s) for gborg? |