pg_shadow.passwd versus pg_hba.conf password passwd

Background: Trying to use a Cobalt box that has PostgreSQL pre-installed.

I can change localhost "crypt" to "trust" in pg_hba.conf, but I don't
really want to do that long-term.

If I'm reading "man pg_passwd" correctly, I can create a standard
Un*x passwd file and use that with "password" in pg_hba.conf

However, the current installation seems to be using "crypt", with no
passwd file, and with unencrypted passwords in the pg_shadow.passwd
field -- Or, at least, as far as I can tell, since /etc/.meta.id has
the same text as the admin's pg_shadow.passwd field.

So, my question is, what is the "passwd" field in pg_shadow for?...

Is that where an unencrypted password would be stored if I used
"password" rather than "crypt"?...  That seems the exact opposite of
the reality on this box.  Or can I get pg_hba.conf to just use that
field somehow with "crypt"?

If I *cannot* use pg_shadow.passwd for the encrypted password, and I
use standard Un*x passwd file, does create_user know enough with -P
to fill that in properly, or am I on my own?...

How is Cobalt getting this to work with "localhost all crypt" in
pg_hba.conf, but the password does not seem to be encrypted:
/etc/.meta.id is plaintext of pg_shadow.passwd, and there is no
obvious passwd file, so where's the crypt?

I've installed PostgreSQL before, and all this stuff just worked somehow. :-^

I'm reading all the docs I can find, but interpreting them correctly
is another matter :-)

Please Cc: me, as I'm not really active on this list...