Re: passwords and 7.3

Tom Lane sez:
} Gregory Seidman <gss+pg@cs.brown.edu> writes:
} > Tom Lane sez:
} > } Secondary password files aren't supported anymore as of 7.3.  If that's
} > } not in the release notes, it's a serious oversight :-(
}
} > It certainly isn't mentioned in README or INSTALL. Anyhow, how do I take
} > the existing external password file (which has encrypted passwords) and
} > put it into the DB?
}
} I'm afraid you don't.  The encryption method that was used in external
} files was crypt(3), which we're migrating away from for various reasons,
} chiefly lack of cross-platform portability.  The encryption method
} that's now supported in pg_shadow entries is MD5.
}
} I'd counsel issuing temporary new passwords to all your users and
} advising them to change them to something of their own choice...

Hmph. I'm not thrilled that the upgrade path here is a dead end. Since
this particular installation is my own private install, I can (and have)
put the passwords in plaintext in the pg_shadow table. In the general
case, however, this disenfranchises anyone relying on the external
password file to support external users.

Incidentally, how do I make an md5 password? I assume the authentication
method in pg_hba.conf has to be set to md5, but how do I encrypt the
password to put in the passwd field in pg_shadow? Am I expected to have
an md5 app on my system somewhere (I don't)? Is there a tool installed
with postgresql (I don't see such a thing)?

}             regards, tom lane
--Greg