blob: 589ba1864126fe1b65d02edcc725add66589619e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.6 2001/02/20 01:16:49 tgl Exp $
Postgres documentation
-->
<refentry id="APP-PG-PASSWD">
<docinfo>
<date>2000-11-18</date>
</docinfo>
<refmeta>
<refentrytitle id="APP-PG-PASSWD-TITLE"><application>pg_passwd</application></refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo>Application</refmiscinfo>
</refmeta>
<refnamediv>
<refname>pg_passwd</refname>
<refpurpose>Manipulate a text password file</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>pg_passwd</command>
<arg choice="plain"><replaceable>filename</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="app-pg-passwd-description">
<title>Description</title>
<para>
<application>pg_passwd</application> is a tool to manipulate a flat
text password file for the purpose of using that file to control
client authentication of the
<productname>PostgreSQL</productname> server. More information
about setting up this authentication mechanism can be found in the
<citetitle>Administrator's Guide</citetitle>.
</para>
<para>
The form of a text password file is one entry per line; the fields
of each entry are separated by colons. The first field is the user
name, the second field is the encrypted password. Other fields are
ignored (to allow password files to be shared between applications
that use similar formats). The functionality of the
<application>pg_passwd</application> utility is to enable a user to
interactively add entries to such a file, to alter passwords of
existing entries, and to take care of encrypting the passwords.
</para>
<para>
Supply the name of the password file as argument to the <application>pg_passwd</application>
command. To be of use for client authentication the file needs to
be located in the server's data directory, and the base name of
the file needs to be specified in the
<filename>pg_hba.conf</filename> access control file.
<screen>
<prompt>$</prompt> <userinput>pg_passwd /usr/local/pgsql/data/passwords</userinput>
<computeroutput>File "/usr/local/pgsql/data/passwords" does not exist. Create? (y/n):</computeroutput> <userinput>y</userinput>
<prompt>Username:</prompt> <userinput>guest</userinput>
<prompt>Password:</prompt>
<prompt>Re-enter password:</prompt>
</screen>
where the <literal>Password:</literal> and <literal>Re-enter
password:</literal> prompts require the same password input which
is not displayed on the terminal. Note that the password is limited
to eight useful characters by restrictions of the standard crypt(3)
library routine.
</para>
<para>
The original password file is renamed to
<filename>passwords.bk</filename>.
</para>
<para>
To make use of this password file, put a line like the following in
<filename>pg_hba.conf</filename>:
<programlisting>
host mydb 133.65.96.250 255.255.255.255 password passwords
</programlisting>
which would allow access to database mydb from host 133.65.96.250 using
the passwords listed in the <filename>passwords</filename> file (and
only to the users listed in that file).
</para>
<note>
<para>
It is also useful to have entries in a password file with an empty
password field. (This is different from an empty password.)
These entries cannot be managed by
<application>pg_passwd</application>, but it is always possible to
edit password files manually.
</para>
</note>
</refsect1>
<refsect1 id="app-pg-passwd-seealso">
<title>See also</title>
<para>
<citetitle>PostgreSQL Administrator's Guide</citetitle>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:nil
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:"../reference.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:"/usr/lib/sgml/catalog"
sgml-local-ecat-files:nil
End:
-->
|
