Re: Open 7.3 items - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Open 7.3 items
Date
Msg-id 200207312246.g6VMkIS29924@candle.pha.pa.us
Whole thread Raw
In response to Re: Open 7.3 items  (Ron Snyder <snyder@roguewave.com>)
List pgsql-hackers
Ron Snyder wrote:
> > OK, how do secondary passwords work in pg_hba.conf.  It requires
> > clear-text 'password', right, because the password is already crypt-ed
> > in the file.
> 
> I presume that you're referring to passwords being transmitted clear text?  

Yes, is that your pg_hba.conf line?  'password' is insecure over
networks you don't trust.

> > One idea I had was to look for a colon in the username, and if I see
> > one, I assume everything after the colon is a password.  
> > Would that work
> > for you?
> 
> It would as long as there was an assumption (or method to specify) that the
> stuff after the colon is a crypt()ed password.  Our method to generate the

It would be whatever password is specified on the pg_hba.conf line,
'password', 'crypt', or 'md5'.

> password file is to 'ypcat passwd > /db/etc/password; cat
> /db/etc/pg-only-passwords >> /db/etc/password'.  We could very easily only
> pull only the fields we care about from our yp passwd file.
> 
> I suppose I should also mention that we're not wedded to this method-- we've
> just found it convenient.  If we needed to script something else up to
> connect to the databases and set passwords, we could do that too, it would
> just be a bit more work.

OK.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026
 


pgsql-hackers by date:

Previous
From: Ron Snyder
Date:
Subject: Re: Open 7.3 items
Next
From: Yuva Chandolu
Date:
Subject: IO error - please help