Обсуждение: Some questions regarding authentication (via pg_hba.conf password pwfile)

Hello,
first I'm sorry for my english, but I hope you can understand my following
problems and questions.
As I spent much time in getting information about the posibilities with
authentification in postreSQL there are some questions left. I didn't found
any answers to this questions so I hope you can help me.
I've configured the pg_hba.conf that way users only have access to a
database (db), if there is a password given in the corresponding
passwordfile (db_pw_file).
(host db XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX password db_pw_file)
This works fine so far.
As it's written in
http://www.postgresql.org/idocs/index.php?auth-methods.html#AUTH-PASSWORD
the SQL-command CREATE USER ... WITH PASSWORD as well as ALTER USER ... WITH
PASSWORD won't change the passwords in the corresponding passwordfiles.
So my questions now are:
1. Are there any other posibilities to change the password, or is the
pg_passwd-tool the only one?
2. Do I have a possibility to change this passwords with a SQL-Command or a
Java-Servlet (in a secure way)?
3. As I used the pg_passwd-tool the usernames were truncated to a length of
8 chars. Is there a possibility to use usernames with more than 8 chars with
this authentication-method?
Many thanks,
Michael