+
+ 2000-11-18
+
+
-
-
+ 1
Application
+
-
-
-
- Manipulate the flat password file
-
+ pg_passwd
+ Manipulate a text password file
+
-
- 1999-07-20
-
-
-pg_passwd filename
-
+
+ pg_passwd
+
-
-
- 1999-07-20
-
-
</div>
<div class="diff rem">- Description</div>
<div class="diff rem">-
+
+
Description
- is a tool to manipulate the
- flat password file functionality of
-
Postgres. This style of password
- authentication is not required in an
- installation, but is one of several supported security mechanisms.
+
pg_passwd is a tool to manipulate a flat+ text password file for the purpose of using that file to control
+ the client authentication of the
+
PostgreSQL server. More information
+ about setting up this authentication mechanism can be found in the
+ Administrator's Guide.
- Specify the password file in the same style of
- Ident authentication in
- $PGDATA/pg_hba.conf:
-
-host unv 133.65.96.250 255.255.255.255 password passwd
-
-
- where the above line allows access from 133.65.96.250 using the passwords listed
- in $PGDATA/passwd.
- The format of the password file follows those of
- /etc/passwd
- and
- /etc/shadow.
- The first field is the user name, and the second field
- is the encrypted password.
- The rest is completely ignored.
- Thus the following three sample lines specify the same user and password pair:
-
-pg_guest:/nB7.w5Auq.BY:10031::::::
-pg_guest:/nB7.w5Auq.BY:93001:930::/home/guest:/bin/tcsh
-pg_guest:/nB7.w5Auq.BY:93001
-
+ The form of a text password file is one entry per line; the fields
+ of each entry are separated by colons. The first field is the user
+ name, the second field is the encrypted password. Other fields are
+ ignored (to allow password files to be shared between applications
+ that use similar formats). The functionality of the
+
pg_passwd utility is to enable a user to
+ interactively add entries to such a file, to alter passwords of
+ existing entries, and to take care of encrypting the passwords.
- Supply the password file to the pg_passwd command.
- In the case described above, after changing the working directory to
- PGDATA, the following command execution specifies
- the new password for pg_guest:
-
- $ pg_passwd passwd
- Username: pg_guest
- Password:
- Re-enter password:
-
-
- where the Password:
- and Re-enter password:
- prompts require the same password input which are not displayed
- on the terminal.
- The original password file is renamed to
- passwd.bk.
+ Supply the name of the password file as argument to the pg_passwd
+ command. To be of use for client authentication the file needs to
+ be location in the server's data directory, and the base name of
+ the file needs to be specified in the
+ pg_hba.conf access control file.
+
+
+
$ pg_passwd /usr/local/pgsql/data/passwords+File "/usr/local/pgsql/data/passwords" does not exist. Create? (y/n): y
+
+
+ where the Password: and Re-enter
+ password: prompts require the same password input which
+ is not displayed on the terminal.
- uses the
- option to invoke this style of
- authentication.
+ The original password file is renamed to
+ passwords.bk.
- The following lines show the sample usage of the option:
+ To make use of this password file, put a line like the following in
+ pg_hba.conf:
-$ psql -h hyalos -u unv
-Username: pg_guest
-Password:
-Welcome to the POSTGRESQL interactive sql monitor:
- Please read the file COPYRIGHT for copyright terms of POSTGRESQL
- type \? for help on slash commands
- type \q to quit
- type \g or terminate with semicolon to execute query
- You are currently connected to the database: unv
-unv=>
-
-
-
- Perl5 authentication
- uses the new style of the Pg.pm like this:
+host unv 133.65.96.250 255.255.255.255 password passwords
+
-$conn = Pg::connectdb("host=hyalos dbname=unv
- user=pg_guest password=xxxxxxx");
-
-
- For more details, refer to
- src/interfaces/perl5/Pg.pm.
+ which would allow access from host 133.65.96.250 using the
+ passwords listed in the passwords file (and
+ only to the users listed in the file).
- Pg{tcl,tk}sh authentication
- uses the
- pg_connect
- command with the
-
- option thusly:
-
-% set conn [pg_connect -conninfo \\
- "host=hyalos dbname=unv \\
- user=pg_guest password=xxxxxxx "]
-
-
- You can list all of the keys for the option by executing the following
- command:
+
+ It is also useful to have entries in password file with an empty
+ password field. (This is different from an empty password.)
+ These entries cannot be managed by
+
pg_passwd, but it is always possible to
+ edit password files manually.
+
+
+
-% puts [ pg_conndefaults]
-
+
+
See also
+ PostgreSQL Administrator's Guide
projects / postgresql.git / commitdiff