Re: crypt vs password in pg_hba.conf

On Sat, 14 Jun 2003, Robert C. Paulsen Jr. wrote:

> I just compiled and installed version 7.3.3 and am having a problem with
> encrypted logins.
>
> I built it using "--with-openssl" on the .configure command.
>
> All seemed to go OK during the build and install. I created a user with a
> password and am able to connect with psql using the password if pg_hba.conf has
> a line like this:
>
>         host all all 192.168.0.0 255.255.255.0 password
>
> but if I change that line to this:
>
>         host all all 192.168.0.0 255.255.255.0 crypt

You need to tell postgresql that the password is to be encrypted when you set
it.

>
> the connection fails with the message:
>
>         psql: FATAL:  Password authentication failed for user "robert"

Because it is encrypting the password and comparing it against an unencrypted
one.

>
> I am pretty sure I don't have the password wrong since I tried redoing it
> several times using "ALTER USER".

Check the syntax for the alter user statement, whereever it says you may use
the word ENCRYPTED use it and you should then be able to use 'crypt' in the
pg_hba.conf.


SSL is nothing to do with this. To use SSL you have to give the server a
certificate, either a proper well known third party registered one or one that
you've generated yourself. There is documentation on how to do this, I'm not
sure which chapter it is though, do a search on ssl in the documentation.


--
Nigel J. Andrews