Обсуждение: crypt autorization
When I try to setup 'crypt' autorizatioin on my box, I always get the message about 'autorization failed' and 'file /usr/local/pgsql/data/pg_pwd error: File not found'. What is a pg_pwd file, how can I create it (when it is system file, how can I setup 'crypt' autorization in pg_hba.conf? -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://granch.ru/~shelton Granch Ltd. system administrator, e-mail: achilov@granch.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A
On Saturday 14 July 2001 18:17, you wrote:
> Greetings,
>
> use pg_passwd to create the pwd file,
> e.g.
> # pg_passwd /usr/local/pgsql/data/pg_pwd
> this will prompt you for the user ID, and then the password (and
> confirmation).
>
> I would suggest executing the command as the user running the database
> daemon.
As root...:-) I did this, and change passowrd in password file from
pg_hba.conf. Anything, `psql -d template1 -U shelton` said "Password
authentication failed for user 'shelton'" ('shelton' exist in pg_pwd and
password file). And pg_pwd zeroed when I create/drop users through
'createuser' or 'dropuser' scripts. I don't doubt about pg_pwd. I doubt, how
can I setup 'crypt' autorization type. I wouldn't like clear password in
network...
--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Web: http://granch.ru/~shelton
Granch Ltd. system administrator, e-mail: achilov@granch.ru
PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A
Greetings,
Ahh, using crypt. I am probably wrong, but I think the frontend
tools (i.e. psql) do not know how to do crypt. I mean there are
no options to tell itwhen to send clear text, and when to send
"crypt" password. And I am pretty sure the frontend tools do
not refer to pg_hba.conf as this is a backend file.
You can probably only use/test "crypt" in your own applications.
In any case, if you are concerned about sending password over the
internet, crypt is not going to improve security much. IMHO, You
might be better off exploring how to use ssh to tunnel the database
communication.
Regards,
/calvin
lines with :> are quotes from Rashid N. Achilov's email
:> On Saturday 14 July 2001 18:17, you wrote:
:> > Greetings,
:> >
:> > use pg_passwd to create the pwd file,
:> > e.g.
:> > # pg_passwd /usr/local/pgsql/data/pg_pwd
:> > this will prompt you for the user ID, and then the password (and
:> > confirmation).
:> >
:> > I would suggest executing the command as the user running the database
:> > daemon.
:>
:> As root...:-) I did this, and change passowrd in password file from
:> pg_hba.conf. Anything, `psql -d template1 -U shelton` said "Password
:> authentication failed for user 'shelton'" ('shelton' exist in pg_pwd and
:> password file). And pg_pwd zeroed when I create/drop users through
:> 'createuser' or 'dropuser' scripts. I don't doubt about pg_pwd. I doubt, how
:> can I setup 'crypt' autorization type. I wouldn't like clear password in
:> network...
:> --