Tom Lane wrote:
>
> Ron Peterson <ron.peterson@yellowbank.com> writes:
> > I'm having a bit of authentication trouble. I'm trying to use 'crypt'
> > authentication. PostgreSQL 7.1beta5. My pg_hba.conf is as follows:
>
> IIRC, you can't use crypt with a flat password file, you have to use
> plain passwd authentication. (On a local connection there's not much
> point in crypt anyway...)
>
> BTW, it may help to look in the postmaster log; for many authentication
> failures, the error message sent to the client is deliberately not
> telling all. The message recorded in the log may have additional
> details.
I misunderstood the difference between 'crypt' and 'password'. I
thought they both did a flat password file, and 'crypt' crypted the
passwords, and 'password' didn't. Instead, 'crypt' encrypts passwords
sent over the wire, and 'password' authenticates against a flat
(crypted) password file, rather than pg_shadow.
So local+crypt doesn't make a lot of sense, obviously.
So now I'm trying to decide whether I want to use 'password' or
pg_shadow for user authentication. Using 'password' seems like a broad
(and easily managed) brush, while using groups would give me a finer
degree of control over permission settings. I'm using ssl for my remote
connections, so the whole 'crypt' thing is irrelevant.
-Ron-
GPG and other info at: http://www.yellowbank.com/
