Обсуждение: crypt autorization

Поиск
Список
Период
Сортировка

crypt autorization

От
"Rashid N. Achilov"
Дата:
When I try to setup 'crypt' autorizatioin on my box, I always get the message
about 'autorization failed' and 'file /usr/local/pgsql/data/pg_pwd error:
File not found'. What is a pg_pwd file, how can I create it (when it is
system file, how can I setup 'crypt' autorization in pg_hba.conf?
--
   With Best Regards.
   Rashid N. Achilov (RNA1-RIPE), Web: http://granch.ru/~shelton
   Granch Ltd. system administrator, e-mail: achilov@granch.ru
   PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A

Re: crypt autorization

От
"Rashid N. Achilov"
Дата:
On Saturday 14 July 2001 18:17, you wrote:
> Greetings,
>
>   use pg_passwd to create the pwd file,
>   e.g.
>     # pg_passwd /usr/local/pgsql/data/pg_pwd
>   this will prompt you for the user ID, and then the password (and
> confirmation).
>
>   I would suggest executing the command as the user running the database
> daemon.

As root...:-) I did this, and change passowrd in password file from
pg_hba.conf. Anything, `psql -d template1 -U shelton` said "Password
authentication failed for user 'shelton'" ('shelton' exist in pg_pwd and
password file). And pg_pwd zeroed when I create/drop users through
'createuser' or 'dropuser' scripts. I don't doubt about pg_pwd. I doubt, how
can I setup 'crypt' autorization type. I wouldn't like clear password in
network...
--
   With Best Regards.
   Rashid N. Achilov (RNA1-RIPE), Web: http://granch.ru/~shelton
   Granch Ltd. system administrator, e-mail: achilov@granch.ru
   PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A

Re: crypt autorization

От
Calvin NG
Дата:
Greetings,

  Ahh, using crypt. I am probably wrong, but I think the frontend
  tools (i.e. psql) do not know how to do crypt.  I mean there are
  no options to tell itwhen to send clear text, and when to send
  "crypt" password.  And I am pretty sure the frontend tools do
  not refer to pg_hba.conf as this is a backend file.

  You can probably only use/test "crypt" in your own applications.

  In any case, if you are concerned about sending password over the
  internet, crypt is not going to improve security much.  IMHO, You
  might be better off exploring how to use ssh to tunnel the database
  communication.

Regards,
/calvin

lines with :> are quotes from Rashid N. Achilov's email
:> On Saturday 14 July 2001 18:17, you wrote:
:> > Greetings,
:> >
:> >   use pg_passwd to create the pwd file,
:> >   e.g.
:> >     # pg_passwd /usr/local/pgsql/data/pg_pwd
:> >   this will prompt you for the user ID, and then the password (and
:> > confirmation).
:> >
:> >   I would suggest executing the command as the user running the database
:> > daemon.
:>
:> As root...:-) I did this, and change passowrd in password file from
:> pg_hba.conf. Anything, `psql -d template1 -U shelton` said "Password
:> authentication failed for user 'shelton'" ('shelton' exist in pg_pwd and
:> password file). And pg_pwd zeroed when I create/drop users through
:> 'createuser' or 'dropuser' scripts. I don't doubt about pg_pwd. I doubt, how
:> can I setup 'crypt' autorization type. I wouldn't like clear password in
:> network...
:> --