Обсуждение: crypt autorization
When I try to setup 'crypt' autorizatioin on my box, I always get the message about 'autorization failed' and 'file /usr/local/pgsql/data/pg_pwd error: File not found'. What is a pg_pwd file, how can I create it (when it is system file, how can I setup 'crypt' autorization in pg_hba.conf? -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://granch.ru/~shelton Granch Ltd. system administrator, e-mail: achilov@granch.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A
On Saturday 14 July 2001 18:17, you wrote: > Greetings, > > use pg_passwd to create the pwd file, > e.g. > # pg_passwd /usr/local/pgsql/data/pg_pwd > this will prompt you for the user ID, and then the password (and > confirmation). > > I would suggest executing the command as the user running the database > daemon. As root...:-) I did this, and change passowrd in password file from pg_hba.conf. Anything, `psql -d template1 -U shelton` said "Password authentication failed for user 'shelton'" ('shelton' exist in pg_pwd and password file). And pg_pwd zeroed when I create/drop users through 'createuser' or 'dropuser' scripts. I don't doubt about pg_pwd. I doubt, how can I setup 'crypt' autorization type. I wouldn't like clear password in network... -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://granch.ru/~shelton Granch Ltd. system administrator, e-mail: achilov@granch.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A
Greetings, Ahh, using crypt. I am probably wrong, but I think the frontend tools (i.e. psql) do not know how to do crypt. I mean there are no options to tell itwhen to send clear text, and when to send "crypt" password. And I am pretty sure the frontend tools do not refer to pg_hba.conf as this is a backend file. You can probably only use/test "crypt" in your own applications. In any case, if you are concerned about sending password over the internet, crypt is not going to improve security much. IMHO, You might be better off exploring how to use ssh to tunnel the database communication. Regards, /calvin lines with :> are quotes from Rashid N. Achilov's email :> On Saturday 14 July 2001 18:17, you wrote: :> > Greetings, :> > :> > use pg_passwd to create the pwd file, :> > e.g. :> > # pg_passwd /usr/local/pgsql/data/pg_pwd :> > this will prompt you for the user ID, and then the password (and :> > confirmation). :> > :> > I would suggest executing the command as the user running the database :> > daemon. :> :> As root...:-) I did this, and change passowrd in password file from :> pg_hba.conf. Anything, `psql -d template1 -U shelton` said "Password :> authentication failed for user 'shelton'" ('shelton' exist in pg_pwd and :> password file). And pg_pwd zeroed when I create/drop users through :> 'createuser' or 'dropuser' scripts. I don't doubt about pg_pwd. I doubt, how :> can I setup 'crypt' autorization type. I wouldn't like clear password in :> network... :> --