Right now, we support a secondary password file reference in pg_hba.conf. If the file contains only usernames, we assume that it is the list of valid usernames for the connection. If it contains usernames and passwords, like /etc/passwd, we assume these are the passwords to be used for the connection. Such connections must pass the unencrypted passwords over the wire so they can be matched against the file; 'password' encryption in pg_hba.conf.
Is it worth keeping this password capability in 7.3? It requires 'password' in pg_hba.conf, which is not secure, and I am not sure how many OS's still use crypt in /etc/passwd anyway. Removing the feature would clear up pg_hba.conf options a little. The ability to specify usernames in pg_hba.conf or in a secondary file is being added to pg_hba.conf anyway, so it is really only the password part that we have to decide to keep or remove. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
