Thread: pg_hba.conf and secondary password file

pg_hba.conf and secondary password file

From: Bruce Momjian
Right now, we support a secondary password file reference in
pg_hba.conf.

If the file contains only usernames, we assume that it is the list of
valid usernames for the connection.  If it contains usernames and
passwords, like /etc/passwd, we assume these are the passwords to be
used for the connection.  Such connections must pass the unencrypted
passwords over the wire so they can be matched against the file;
'password' encryption in pg_hba.conf.

Is it worth keeping this password capability in 7.3?  It requires
'password' in pg_hba.conf, which is not secure, and I am not sure how
many OS's still use crypt in /etc/passwd anyway.  Removing the feature
would clear up pg_hba.conf options a little.

The ability to specify usernames in pg_hba.conf or in a secondary file
is being added to pg_hba.conf anyway, so it is really only the password
part that we have to decide to keep or remove.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
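
The following Python sketch is an added example, not code from this thread or from PostgreSQL. It audits pg_hba.conf records that name a secondary file and reports whether each file acts as a user list or as a password source, as the message above describes. It assumes the 7.2-era record layout and colon-separated file entries; all file names, contents and hash strings are constructed.

```python
# Added example: audit pre-7.3 style pg_hba.conf records that name a
# secondary file. Every file name and value below is a constructed sample.

HBA_SAMPLE = """\
# TYPE  DATABASE  IP_ADDRESS   MASK           AUTH_TYPE  AUTH_ARGUMENT
local   all                                   md5
host    sales     192.168.1.0  255.255.255.0  password   sales.pw
host    hr        192.168.2.0  255.255.255.0  password   hr.users
host    all       10.0.0.0     255.0.0.0      md5        staff.users
"""

# Constructed secondary files: "user" or "user:crypt-hash" per line (assumed).
SECONDARY_FILES = {
    "sales.pw": "alice:XXconstructed1\nbob:XXconstructed2\n",
    "hr.users": "carol\ndave\n",
    "staff.users": "alice\ncarol\n",
}
FILE_METHODS = {"password", "md5", "crypt"}  # methods that accept a file name


def classify_secondary(text):
    """Return 'passwords' if any entry carries a second field, else 'userlist'."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if not fields[0].startswith("#") and len(fields) > 1 and fields[1]:
            return "passwords"
    return "userlist"


def audit(hba_text, files):
    """Return one finding per record: method, file role, cleartext exposure."""
    findings = []
    for lineno, raw in enumerate(hba_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        # local: TYPE DB METHOD [ARG]; host/hostssl: TYPE DB IP MASK METHOD [ARG]
        idx = 2 if tok[0] == "local" else 4
        if len(tok) <= idx:
            continue
        method, arg = tok[idx], (tok[idx + 1] if len(tok) > idx + 1 else None)
        kind = None
        if method in FILE_METHODS and arg in files:
            kind = classify_secondary(files[arg])
        findings.append({"line": lineno, "db": tok[1], "method": method,
                         "file": arg, "file_kind": kind,
                         "cleartext": method == "password"})
    return findings
```

Records whose `file_kind` is `passwords` are the ones that depend on the capability under discussion; records with `cleartext` set send the password unencrypted regardless of what the file contains.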
 


Re: pg_hba.conf and secondary password file

From: Tom Lane
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Right now, we support a secondary password file reference in
> pg_hba.conf.
> Is it worth keeping this password capability in 7.3?

I'd not cry if it went away.  We could get rid of pg_passwd, which
is an ugly mess...
        regards, tom lane


Re: pg_hba.conf and secondary password file

From: Bruce Momjian
Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Right now, we support a secondary password file reference in
> > pg_hba.conf.
> > Is it worth keeping this password capability in 7.3?
> 
> I'd not cry if it went away.  We could get rid of pg_passwd, which
> is an ugly mess...

Yes, that was my thinking too.  Seems like a good time for housecleaning
pg_hba.conf.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
 


Re: pg_hba.conf and secondary password file

From: Peter Eisentraut
Bruce Momjian writes:

> Is it worth keeping this password capability in 7.3?  It requires
> 'password' in pg_hba.conf, which is not secure, and I am not sure how
> many OS's still use crypt in /etc/passwd anyway.  Removing the feature
> would clear up pg_hba.conf options a little.

Personally, I don't care.  But I'm concerned that some people might use
this to support different passwords for different databases.  Not sure why
you'd want that.  Maybe send an advisory to -general to see.

-- 
Peter Eisentraut   peter_e@gmx.net



Re: pg_hba.conf and secondary password file

From: Bruce Momjian
Peter Eisentraut wrote:
> Bruce Momjian writes:
> 
> > Is it worth keeping this password capability in 7.3?  It requires
> > 'password' in pg_hba.conf, which is not secure, and I am not sure how
> > many OS's still use crypt in /etc/passwd anyway.  Removing the feature
> > would clear up pg_hba.conf options a little.
> 
> Personally, I don't care.  But I'm concerned that some people might use
> this to support different passwords for different databases.  Not sure why
> you'd want that.  Maybe send an advisory to -general to see.

Yes, I will send to general.  I wanted to get feedback from hackers
first --- I will send now.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026