Gregory Seidman wrote:
> Tom Lane sez:
> } Gregory Seidman <gss+pg@cs.brown.edu> writes:
> } > Tom Lane sez:
> } > } Secondary password files aren't supported anymore as of 7.3. If that's
> } > } not in the release notes, it's a serious oversight :-(
> }
> } > It certainly isn't mentioned in README or INSTALL. Anyhow, how do I take
> } > the existing external password file (which has encrypted passwords) and
> } > put it into the DB?
> }
> } I'm afraid you don't. The encryption method that was used in external
> } files was crypt(3), which we're migrating away from for various reasons,
> } chiefly lack of cross-platform portability. The encryption method
> } that's now supported in pg_shadow entries is MD5.
> }
> } I'd counsel issuing temporary new passwords to all your users and
> } advising them to change them to something of their own choice...
>
> Hmph. I'm not thrilled that the upgrade path here is a dead end. Since
> this particular installation is my own private install, I can (and have)
> put the passwords in plaintext in the pg_shadow table. In the general
> case, however, this disenfranchises anyone relying on the external
> password file to support external users.
>
> Incidentally, how do I make an md5 password? I assume the authentication
> method in pg_hba.conf has to be set to md5, but how do I encrypt the
> password to put in the passwd field in pg_shadow? Am I expected to have
> an md5 app on my system somewhere (I don't)? Is there a tool installed
> with postgresql (I don't see such a thing)?
It isn't mentioned in the MIGRATION section (bad), but is mentioned as
change in the HISTORY file:
Remove secondary password file capability and pg_password utility
(Bruce)
We honestly didn't think anyone was using that secondary password file
anymore. You are the first to report the problem.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073