Re: create user, user exists

Tom Lane wrote:
>
> Ron Peterson <ron.peterson@yellowbank.com> writes:
> > I'm having a bit of authentication trouble.  I'm trying to use 'crypt'
> > authentication.  PostgreSQL 7.1beta5.  My pg_hba.conf is as follows:
>
> IIRC, you can't use crypt with a flat password file, you have to use
> plain passwd authentication.  (On a local connection there's not much
> point in crypt anyway...)
>
> BTW, it may help to look in the postmaster log; for many authentication
> failures, the error message sent to the client is deliberately not
> telling all.  The message recorded in the log may have additional
> details.

I misunderstood the difference between 'crypt' and 'password'.  I
thought they both did a flat password file, and 'crypt' crypted the
passwords, and 'password' didn't.  Instead, 'crypt' encrypts passwords
sent over the wire, and 'password' authenticates against a flat
(crypted) password file, rather than pg_shadow.

So local+crypt doesn't make a lot of sense, obviously.

So now I'm trying to decide whether I want to use 'password' or
pg_shadow for user authentication.  Using 'password' seems like a broad
(and easily managed) brush, while using groups would give me a finer
degree of control over permission settings.  I'm using ssl for my remote
connections, so the whole 'crypt' thing is irrelevant.

-Ron-
GPG and other info at: http://www.yellowbank.com/