Curt Sampson <cjs@cynic.net> writes:
> I know it's a bunch of programming work, but if you use "unencrypted"
> passwords (i.e., crypt-style rather than MD5) for the users in the db,
> could you not write a program that reads the pg_user table directly, and
> then updates those passwords that need updating?
Currently, our external password file looks like this :
kowalski:<crypted-password-here>
...
phppgadmin:+
webcalendar:+
...
And so on. Regular Unix users have their passwords set from the NIS
passwd database (standard crypt method), and PostgreSQL-specific users
have their passwords defined in pg_shadow (no encryption there). This
last use prevents us from using PAM-style authentication I presume.
The pg_hba config file contains the following line :
host all <network-address> 255.255.255.0 password passwd
If the passwords are stored in their "crypt form" in pg_shadow, yes I
can write such a script, then call it through cron; but as I
understand the docs, passwords are stored using MD5 method, which
makes all our passwords unusable, am I wrong ?
--
Nicolas