Hello,
On Thu, 2019-09-19 at 12:30 +0200, Matthias Apitz wrote:
> Hello,
>
> Our software, a huge ILS, is running on Linux with DBS Sybase. To
> connect to the Sybase server (over the network, even on localhost),
> credentials must be known: a user (say 'sisis') and its password.
>
> For Sybase we have them stored on the disk of the system in a file
> syb.npw as:
>
> $ cat /opt/lib/sisis/etc/syb/syb.npw
> sisis:e53902b9923ab2fb
> sa:64406def48efca8c
>
> for the user 'sisis' and the administrator 'sa'. Our software has as
> shared library a blob which knows how to decrypt the password hash
> above
> shown as 'e53902b9923ab2fb' into clear text which is then used in the
> ESQL/C or Java layer to connect to the Sybase server.
>
> For PostgreSQL the password must be typed in (for pgsql) or can be
> provided in an environment variable PGPASSWORD=blabla
>
> Is there somehow an API in PG to use ciphered passwords and provide
> as a
> shared library the blob to decrypt it? If not, we will use the
> mechanism same as
> we use for Sybase. Or any other idea to not make detectable the
> credentials? This was a request of our customers some years ago.
>
> matthias
>
>
https://www.postgresql.org/docs/11/auth-password.html
Chapters 20.5 and 20.6 may give you more information.
HTH,
Robert
