Re: pg_hba.conf and secondary password file
От | Bruce Momjian |
---|---|
Тема | Re: pg_hba.conf and secondary password file |
Дата | |
Msg-id | 200203170338.g2H3cxH23839@candle.pha.pa.us обсуждение исходный текст |
Ответ на | Re: pg_hba.conf and secondary password file ("Dave" <dave@hawk-systems.com>) |
Список | pgsql-general |
I don't quite understand the question, but you can have multiple usernames listed or in the file, and you can have multiple lines in pg_hba.conf. --------------------------------------------------------------------------- Dave wrote: > Could you have multiple such references? > > for example, > one entry/file with the postgres user only listed in it which enables trust for > the postgres user without password challenge > second entry/file with local users who are allowed with password > > Final goal for us listed in next post. > > Dave > > >-----Original Message----- > >From: pgsql-general-owner@postgresql.org > >[mailto:pgsql-general-owner@postgresql.org]On Behalf Of Bruce Momjian > >Sent: Friday, March 15, 2002 7:53 PM > >To: PostgreSQL-general > >Subject: [GENERAL] pg_hba.conf and secondary password file > > > > > >Right now, we support a secondary password file reference in > >pg_hba.conf. > > > >If the file contains only usernames, we assume that it is the list of > >valid usernames for the connection. If it contains usernames and > >passwords, like /etc/passwd, we assume these are the passwords to be > >used for the connection. Such connections must pass the unencrypted > >passwords over the wire so they can be matched against the file; > >'password' encryption in pg_hba.conf. > > > >Is it worth keeping this password capability in 7.3? It requires > >'password' in pg_hba.conf, which is not secure, and I am not sure how > >many OS's still use crypt in /etc/passwd anyway. Removing the feature > >would clear up pg_hba.conf options a little. > > > >The ability to specify usernames in pg_hba.conf or in a secondary file > >is being added to pg_hba.conf anyway, so it is really only the password > >part that we have to decide to keep or remove. > > > >-- > > Bruce Momjian | http://candle.pha.pa.us > > pgman@candle.pha.pa.us | (610) 853-3000 > > + If your life is a hard drive, | 830 Blythe Avenue > > + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 > > > >---------------------------(end of broadcast)--------------------------- > >TIP 3: if posting/reading through Usenet, please send an appropriate > >subscribe-nomail command to majordomo@postgresql.org so that your > >message can get through to the mailing list cleanly > > > > > > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
В списке pgsql-general по дате отправления: