Thread: usernames and passwords

usernames and passwords

From
Vicente Vives
Date:
Hi .
I have a server running PostgreSQL Version 6.5, and i have a problem.
I grant some distinct privileges to some users (and that works). The
problem
is that those users can log in with any password. Each user has a
password
assigned but not matter the password the user use to log in, if the user
exists always will get access to the database.

Has anybony an idea?
Any response will be wellcome.

Thanks for all.


Vicent Vives.



Re: usernames and passwords

From
Oliver Elphick
Date:
On Mon, 2002-07-22 at 11:16, Vicente Vives wrote:
>
> Hi .
> I have a server running PostgreSQL Version 6.5, and i have a problem.
> I grant some distinct privileges to some users (and that works). The
> problem
> is that those users can log in with any password. Each user has a
> password
> assigned but not matter the password the user use to log in, if the user
> exists always will get access to the database.

Look at $PGDATA/pg_hba.conf

This self-documenting file contains the access parameters.

Incidentally, version 6.5 is very old and buggy.  You should consider
upgrading to the current version, 7.2.1

--
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight, UK
http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
                 ========================================
     "Then Peter and the other apostles answered and said,
      We ought to obey God rather than men."
                                        Acts 5:29


Re: usernames and passwords

From
Artur Pietruk
Date:
On Mon, Jul 22, 2002 at 12:16:53PM +0200, Vicente Vives wrote:
> Hi .

    Hello!

> I have a server running PostgreSQL Version 6.5, and i have a problem.
> I grant some distinct privileges to some users (and that works). The
> problem
> is that those users can log in with any password. Each user has a
> password
> assigned but not matter the password the user use to log in, if the user
> exists always will get access to the database.

    Go to your $PGDATA directory, and check your pg_hba.conf. That's
file where you can confiure access do your db - it is wery well commented,
read it and you will find out what to do (if not, go to docs and read about
pg_hba.conf). It looks, that you may have "trust" enabled for local
connections (or for whatever way they are connecting), or something like
that, and that is why users are authenticated without their passwords.

    Best regards,
--
--- Artur Pietruk, arturp@plukwa.net

Re: usernames and passwords

From
Vicente Vives
Date:
Artur Pietruk wrote:
>
> On Mon, Jul 22, 2002 at 12:16:53PM +0200, Vicente Vives wrote:
> > Hi .
>
>         Hello!
>
> > I have a server running PostgreSQL Version 6.5, and i have a problem.
> > I grant some distinct privileges to some users (and that works). The
> > problem
> > is that those users can log in with any password. Each user has a
> > password
> > assigned but not matter the password the user use to log in, if the user
> > exists always will get access to the database.
>
>         Go to your $PGDATA directory, and check your pg_hba.conf. That's
> file where you can confiure access do your db - it is wery well commented,
> read it and you will find out what to do (if not, go to docs and read about
> pg_hba.conf). It looks, that you may have "trust" enabled for local
> connections (or for whatever way they are connecting), or something like
> that, and that is why users are authenticated without their passwords.
>


That's correct!
In my pg_hba.conf the option 'trust' was enabled. If i changed it to
'crypt' the users can access correctly.

Thank you very much!


Vicent Vives.