Security Concerns over User 'postgres' - Mailing list pgsql-admin

From Lane Van Ingen
Subject Security Concerns over User 'postgres'
Msg-id TWMAILaUfOImd1UtYj700000063@twmail.ESNCC.COM
Responses Re: Security Concerns over User 'postgres'  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-admin

We are running on Red Hat Enterprise Linux 4.0, using PostgreSQL 8.1.4.

We created our PostgreSQL instance by compiling it from source, and the instance is working just fine. User postgres runs the service; we do not know what the password is, and we think it got created automatically by the compile / install process.

However, my user community is concerned that the password for PostgreSQL (which is MD5 encrypted) could be cracked, and would like to secure it from having access to the shell. I tried attaching /sbin/nologin to the postgres user login information, but that does not work since we use /etc/init.d/postgresql to start and stop the engine.

Does anybody have any suggestions on how to properly address these concerns?

Lane M. Van Ingen

Charleston, SC
