Re: pg_hba.conf and secondary password file

Could you have multiple such references?

for example,
one entry/file with the postgres user only listed in it which enables trust for
the postgres user without password challenge
second entry/file with local users who are allowed with password

Final goal for us listed in next post.

Dave

>-----Original Message-----
>From: pgsql-general-owner@postgresql.org
>[mailto:pgsql-general-owner@postgresql.org]On Behalf Of Bruce Momjian
>Sent: Friday, March 15, 2002 7:53 PM
>To: PostgreSQL-general
>Subject: [GENERAL] pg_hba.conf and secondary password file
>
>
>Right now, we support a secondary password file reference in
>pg_hba.conf.
>
>If the file contains only usernames, we assume that it is the list of
>valid usernames for the connection.  If it contains usernames and
>passwords, like /etc/passwd, we assume these are the passwords to be
>used for the connection.  Such connections must pass the unencrypted
>passwords over the wire so they can be matched against the file;
>'password' encryption in pg_hba.conf.
>
>Is it worth keeping this password capability in 7.3?  It requires
>'password' in pg_hba.conf, which is not secure, and I am not sure how
>many OS's still use crypt in /etc/passwd anyway.  Removing the feature
>would clear up pg_hba.conf options a little.
>
>The ability to specify usernames in pg_hba.conf or in a secondary file
>is being added to pg_hba.conf anyway, so it is really only the password
>part that we have to decide to keep or remove.
>
>--
>  Bruce Momjian                        |  http://candle.pha.pa.us
>  pgman@candle.pha.pa.us               |  (610) 853-3000
>  +  If your life is a hard drive,     |  830 Blythe Avenue
>  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
>
>---------------------------(end of broadcast)---------------------------
>TIP 3: if posting/reading through Usenet, please send an appropriate
>subscribe-nomail command to majordomo@postgresql.org so that your
>message can get through to the mailing list cleanly
>
>