pg_shadow.passwd versus pg_hba.conf password passwd
Re-Sending due to rejection after subscribing, before confirming.
Sorry if two make it through...
Background: Trying to use a Cobalt box that has PostgreSQL pre-installed.
I can change localhost "crypt" to "trust" in pg_hba.conf, but I don't
really want to do that long-term.
If I'm reading "man pg_passwd" correctly, I can create a standard
Un*x passwd file and use that with "password" in pg_hba.conf
However, the current installation seems to be using "crypt", with no
passwd file, and with unencrypted passwords in the pg_shadow.passwd
field -- Or, at least, as far as I can tell, since /etc/.meta.id has
the same text as the admin's pg_shadow.passwd field.
So, my question is, what is the "passwd" field in pg_shadow for?...
Is that where an unencrypted password would be stored if I used
"password" rather than "crypt"?... That seems the exact opposite of
the reality on this box. Or can I get pg_hba.conf to just use that
field somehow with "crypt"?
If I *cannot* use pg_shadow.passwd for the encrypted password, and I
use standard Un*x passwd file, does create_user know enough with -P
to fill that in properly, or am I on my own?...
How is Cobalt getting this to work with "localhost all crypt" in
pg_hba.conf, but the password does not seem to be encrypted:
/etc/.meta.id is plaintext of pg_shadow.passwd, and there is no
obvious passwd file, so where's the crypt?
I've installed PostgreSQL before, and all this stuff just worked somehow. :-^
I'm reading all the docs I can find, but interpreting them correctly
is another matter :-)
Please Cc: me, as I'm not really active on this list...
Richard Lynch writes:
If I'm reading "man pg_passwd" correctly, I can create a standard
Un*x passwd file and use that with "password" in pg_hba.conf
Correct.
However, the current installation seems to be using "crypt", with no
passwd file, and with unencrypted passwords in the pg_shadow.passwd
field
I don't know what your current installation is, but that is definitely a
possible scenario.
-- Or, at least, as far as I can tell, since /etc/.meta.id has
the same text as the admin's pg_shadow.passwd field.
The file /etc/.meta.id is not used by PostgreSQL as distributed.
So, my question is, what is the "passwd" field in pg_shadow for?...
If you don't use the extra argument after "password" in pg_hba.conf then
that's where the password comes from.
Is that where an unencrypted password would be stored if I used
"password" rather than "crypt"?...
"password" vs "crypt" is only related to what goes over the wire, not
where the password comes from.
That seems the exact opposite of the reality on this box. Or can I
get pg_hba.conf to just use that field somehow with "crypt"?
Crypt with password file is not possible, I'm afraid.
If I *cannot* use pg_shadow.passwd for the encrypted password,
You can. You *are*, AFAICT.
and I use standard Un*x passwd file, does create_user know enough with
-P to fill that in properly, or am I on my own?...How is Cobalt getting this to work with "localhost all crypt" in
pg_hba.conf, but the password does not seem to be encrypted:
/etc/.meta.id is plaintext of pg_shadow.passwd, and there is no
obvious passwd file, so where's the crypt?
On the wire.
--
Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/