Lincoln Yeoh wrote:
>Right now any user on the local machine can log on as postgres to the
>template1 database. I don't like that, so I wish to turn on password
>checking.
>
>OK so I edit pg_hba.conf and put:
>
>local all password
>host all 127.0.0.1 255.255.255.255 password
>
>Then I have problems logging in as ANY user. Couldn't figure out what the
>default password for the postgres user was. Only after some messing around
>I found that I could log on as the postgres user with the password \N. Not
>obvious, at least to me.
>
>I only guessed it after looking at the pg_pwd file and noticing a \N there.
>Is this where the passwords are stored? By the way should they be stored in
>the clear and in a 666 permissions file? How about hashing them with some
>salt?

The PGDATA directory should have permission rwx------, so that no one can
descend into it to look at pg_pwd; therefore the file's own permissions are
unimportant.

>Now the next problem is: How do I change the postgres user password?

ALTER USER will change passwords held in pg_shadow, including that of the
postgres user, but will not, I think, change those set by pg_passwd.

--
Vote against SPAM: http://www.politik-digital.de/spam/
========================================
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
PGP key from public servers; key ID 32B8FAA1
========================================
"And he shall judge among the nations, and shall rebuke
many people; and they shall beat their swords into
plowshares, and their spears into pruninghooks; nation
shall not lift up sword against nation, neither shall
they learn war any more." Isaiah 2:4
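
The reasoning in the reply above (a data directory with mode rwx------ shields a pg_pwd file whose own mode is 666) as an added example; this is not code from the original message or from PostgreSQL. The function names `audit_pgdata` and `demo` and the temporary directory are constructed for illustration, and the check reads mode bits only.

```python
import os
import stat
import tempfile


def audit_pgdata(pgdata):
    """Classify group/other-accessible entries under a data directory.

    Returns (path, octal mode, status) tuples; status is "directory-open",
    "shielded" (loose file behind a closed directory) or "exposed".
    Only the top-level directory's mode decides shielded versus exposed.
    """
    findings = []
    dir_mode = stat.S_IMODE(os.stat(pgdata).st_mode)
    # Any group/other bit on the directory lets other accounts list or enter it.
    dir_closed = (dir_mode & 0o077) == 0
    if not dir_closed:
        findings.append((pgdata, f"{dir_mode:04o}", "directory-open"))
    for root, _dirs, files in os.walk(pgdata):
        for name in sorted(files):
            path = os.path.join(root, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & 0o077:
                status = "shielded" if dir_closed else "exposed"
                findings.append((path, f"{mode:04o}", status))
    return findings


def demo():
    """Build a constructed data directory and audit it at 0700 and 0755."""
    with tempfile.TemporaryDirectory() as pgdata:
        pg_pwd = os.path.join(pgdata, "pg_pwd")
        with open(pg_pwd, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(pg_pwd, 0o666)  # the file mode described in the question
        os.chmod(pgdata, 0o700)  # rwx------ as recommended in the reply
        closed = [(os.path.basename(p), m, s) for p, m, s in audit_pgdata(pgdata)]
        os.chmod(pgdata, 0o755)  # the misconfiguration to detect
        opened = [(os.path.basename(p), m, s) for p, m, s in audit_pgdata(pgdata)]
        os.chmod(pgdata, 0o700)  # restore so cleanup is unaffected
        return closed, opened


if __name__ == "__main__":
    for label, result in zip(("PGDATA 0700", "PGDATA 0755"), demo()):
        print(label, result)
```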