Richard Lynch writes:
> If I'm reading "man pg_passwd" correctly, I can create a standard
> Un*x passwd file and use that with "password" in pg_hba.conf
Correct.
> However, the current installation seems to be using "crypt", with no
> passwd file, and with unencrypted passwords in the pg_shadow.passwd
> field
I don't know what your current installation is, but that is definitely a
possible scenario.
> -- Or, at least, as far as I can tell, since /etc/.meta.id has
> the same text as the admin's pg_shadow.passwd field.
The file /etc/.meta.id is not used by PostgreSQL as distributed.
> So, my question is, what is the "passwd" field in pg_shadow for?...
If you don't use the extra argument after "password" in pg_hba.conf then
that's where the password comes from.
> Is that where an unencrypted password would be stored if I used
> "password" rather than "crypt"?...
"password" vs "crypt" is only related to what goes over the wire, not
where the password comes from.
> That seems the exact opposite of the reality on this box. Or can I
> get pg_hba.conf to just use that field somehow with "crypt"?
Crypt with password file is not possible, I'm afraid.
> If I *cannot* use pg_shadow.passwd for the encrypted password,
You can. You *are*, AFAICT.
> and I use standard Un*x passwd file, does create_user know enough with
> -P to fill that in properly, or am I on my own?...
>
> How is Cobalt getting this to work with "localhost all crypt" in
> pg_hba.conf, but the password does not seem to be encrypted:
> /etc/.meta.id is plaintext of pg_shadow.passwd, and there is no
> obvious passwd file, so where's the crypt?
On the wire.
--
Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
