pg_hba.conf and secondary password file

Right now, we support a secondary password file reference in
pg_hba.conf.

If the file contains only usernames, we assume that it is the list of
valid usernames for the connection.  If it contains usernames and
passwords, like /etc/passwd, we assume these are the passwords to be
used for the connection.  Such connections must pass the unencrypted
passwords over the wire so they can be matched against the file;
'password' encryption in pg_hba.conf.

Is it worth keeping this password capability in 7.3?  It requires
'password' in pg_hba.conf, which is not secure, and I am not sure how
many OS's still use crypt in /etc/passwd anyway.  Removing the feature
would clear up pg_hba.conf options a little.

The ability to specify usernames in pg_hba.conf or in a secondary file
is being added to pg_hba.conf anyway, so it is really only the password
part that we have to decide to keep or remove.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026