diff --git a/doc/src/sgml/ref/pg_passwd.sgml b/doc/src/sgml/ref/pg_passwd.sgml index fff87b48c1..3170104178 100644 --- a/doc/src/sgml/ref/pg_passwd.sgml +++ b/doc/src/sgml/ref/pg_passwd.sgml 
@@ -1,153 +1,106 @@ + + 2000-11-18 + + - - pg_passwd - + pg_passwd + 1 Application + - - pg_passwd - - - Manipulate the flat password file - + pg_passwd + Manipulate a text password file + - - 1999-07-20 - - -pg_passwd filename - + + pg_passwd + filename + - - - 1999-07-20 - - - Description - + + Description - pg_passwd - is a tool to manipulate the - flat password file functionality of - Postgres. This style of password - authentication is not required in an - installation, but is one of several supported security mechanisms. + pg_passwd is a tool to manipulate a flat + text password file for the purpose of using that file to control + the client authentication of the + PostgreSQL server. More information + about setting up this authentication mechanism can be found in the + Administrator's Guide. - Specify the password file in the same style of - Ident authentication in - $PGDATA/pg_hba.conf: - - -host unv 133.65.96.250 255.255.255.255 password passwd - - - where the above line allows access from 133.65.96.250 using the passwords listed - in $PGDATA/passwd. - The format of the password file follows those of - /etc/passwd - and - /etc/shadow. - The first field is the user name, and the second field - is the encrypted password. - The rest is completely ignored. - Thus the following three sample lines specify the same user and password pair: - - -pg_guest:/nB7.w5Auq.BY:10031:::::: -pg_guest:/nB7.w5Auq.BY:93001:930::/home/guest:/bin/tcsh -pg_guest:/nB7.w5Auq.BY:93001 - + The form of a text password file is one entry per line; the fields + of each entry are separated by colons. The first field is the user + name, the second field is the encrypted password. Other fields are + ignored (to allow password files to be shared between applications + that use similar formats). The functionality of the + pg_passwd utility is to enable a user to + interactively add entries to such a file, to alter passwords of + existing entries, and to take care of encrypting the passwords. 
- Supply the password file to the pg_passwd command. - In the case described above, after changing the working directory to - PGDATA, the following command execution specifies - the new password for pg_guest: + Supply the name of the password file as argument to the pg_passwd + command. To be of use for client authentication the file needs to + be location in the server's data directory, and the base name of + the file needs to be specified in the + pg_hba.conf access control file. - - $ pg_passwd passwd - Username: pg_guest - Password: - Re-enter password: - + +$ pg_passwd /usr/local/pgsql/data/passwords +File "/usr/local/pgsql/data/passwords" does not exist. Create? (y/n): y +Username: guest +Password: +Re-enter password: + - where the Password: - and Re-enter password: - prompts require the same password input which are not displayed - on the terminal. + where the Password: and Re-enter + password: prompts require the same password input which + is not displayed on the terminal. + + + The original password file is renamed to - passwd.bk. + passwords.bk. - psql - uses the - option to invoke this style of - authentication. - - - - The following lines show the sample usage of the option: + To make use of this password file, put a line like the following in + pg_hba.conf: -$ psql -h hyalos -u unv -Username: pg_guest -Password: -Welcome to the POSTGRESQL interactive sql monitor: - Please read the file COPYRIGHT for copyright terms of POSTGRESQL - type \? for help on slash commands - type \q to quit - type \g or terminate with semicolon to execute query - You are currently connected to the database: unv -unv=> - +host unv 133.65.96.250 255.255.255.255 password passwords + + + which would allow access from host 133.65.96.250 using the + passwords listed in the passwords file (and + only to the users listed in the file). + + + It is also useful to have entries in password file with an empty + password field. (This is different from an empty password.) 
+ These entries cannot be managed by + pg_passwd, but it is always possible to + edit password files manually. + + + + + + See also - Perl5 authentication - uses the new style of the Pg.pm like this: - - -$conn = Pg::connectdb("host=hyalos dbname=unv - user=pg_guest password=xxxxxxx"); - - - For more details, refer to - src/interfaces/perl5/Pg.pm. - - - - Pg{tcl,tk}sh authentication - uses the - pg_connect - command with the - - option thusly: - - -% set conn [pg_connect -conninfo \\ - "host=hyalos dbname=unv \\ - user=pg_guest password=xxxxxxx "] - - - You can list all of the keys for the option by executing the following - command: - - -% puts [ pg_conndefaults] - + PostgreSQL Administrator's Guide
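Review bot: The added paragraph near the end of the hunk says entries with an empty password field are useful and that this "is different from an empty password", but it never says how the server treats such an entry during authentication, so a reader cannot tell whether it restricts or widens access; please state the behaviour explicitly. In the added paragraph that begins "Supply the name of the password file", "needs to be location in the server's data directory" should read "located", and "entries in password file" is missing an article. The text also keeps the statement that the original file is renamed, now to passwords.bk; that backup still holds the previous entries with their encrypted passwords, so a sentence telling administrators to protect or remove it would help. The psql, Perl and Tcl client examples are removed with only a pointer to the Administrator's Guide in their place, so it is worth confirming that the guide covers how clients supply the password for this method.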