password authentication

Phuong,

The pg_hba.conf has a lot to do with authentication. I strongly suggest
you read through the internal documentation in the file itself, as well
as the sections in the 7.1 docs. They explain the system very well.

The shortcut to the answer is you probably are using "trust"
authentication which means it doesn't check passwords at all. As I said,
read the examples in the file and in the docs and I'm sure you will
figure it out. Also remember that the FIRST authentication method that
matches in the pg_hba.conf file is the one that is used for a given
combination of DB, IP, MASK, auth method, etc.

Tim Frank

Original Message <<<<<<<<<<<<<<<<<<

On 19/04/01, 7:36:19 PM, pma@commandprompt.com (Phuong Ma) wrote
regarding password authentication:

Phuong Ma wrote:

Hi,

I was wondering what the different methods of creating a password
accomplish because I created a password for a test user using the
command WITH PASSWORD. I tried testing to see if I could log on without
a password, and it worked. Is there anything else I would need to do to
activate the password authentication? Does the pg_hba.conf file have
anything to do with this? If it does, and I only want to create a
password for this one user, would I specify it in the pg_hba.conf file?

Use pg_hba.conf to turn on password checking. Checking is done if
the connection method, database (and connection source for TCP/IP) match
a line in pg_hba.conf that requires it.

You cannot turn on checking per _user_. It's all users or none.

--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"For this reason I also suffer these things,
but I am not ashamed; for I know whom I have
believed, and am persuaded that He is able to keep
that which I have committed unto him until that day."
II Timothy 1:12