Could you have multiple such references?
for example,
one entry/file with the postgres user only listed in it which enables trust for
the postgres user without password challenge
second entry/file with local users who are allowed with password
Final goal for us listed in next post.
Dave
>-----Original Message-----
>From: pgsql-general-owner@postgresql.org
>[mailto:pgsql-general-owner@postgresql.org]On Behalf Of Bruce Momjian
>Sent: Friday, March 15, 2002 7:53 PM
>To: PostgreSQL-general
>Subject: [GENERAL] pg_hba.conf and secondary password file
>
>
>Right now, we support a secondary password file reference in
>pg_hba.conf.
>
>If the file contains only usernames, we assume that it is the list of
>valid usernames for the connection. If it contains usernames and
>passwords, like /etc/passwd, we assume these are the passwords to be
>used for the connection. Such connections must pass the unencrypted
>passwords over the wire so they can be matched against the file;
>'password' encryption in pg_hba.conf.
>
>Is it worth keeping this password capability in 7.3? It requires
>'password' in pg_hba.conf, which is not secure, and I am not sure how
>many OS's still use crypt in /etc/passwd anyway. Removing the feature
>would clear up pg_hba.conf options a little.
>
>The ability to specify usernames in pg_hba.conf or in a secondary file
>is being added to pg_hba.conf anyway, so it is really only the password
>part that we have to decide to keep or remove.
>
>--
> Bruce Momjian | http://candle.pha.pa.us
> pgman@candle.pha.pa.us | (610) 853-3000
> + If your life is a hard drive, | 830 Blythe Avenue
> + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
>
>---------------------------(end of broadcast)---------------------------
>TIP 3: if posting/reading through Usenet, please send an appropriate
>subscribe-nomail command to majordomo@postgresql.org so that your
>message can get through to the mailing list cleanly
>
>