Authentication improvements:

A new pg_hba.conf column, USER Allow specifiction of lists of users separated by commas Allow group names specified by + Allow include files containing lists of users specified by @ Allow lists of databases, and database files Allow samegroup in database column to match group name matching dbname Removal of secondary password files Remove pg_passwd utility Lots of code cleanup in user.c and hba.c New data/global/pg_pwd format New data/global/pg_group file
2025-12-21 05:21:08 +03:00 · 2002-04-04 04:25:54 +00:00
parent af10378ab0
commit 43a3543a4e
25 changed files with 1453 additions and 1931 deletions
--- a/doc/src/sgml/ref/allfiles.sgml
+++ b/doc/src/sgml/ref/allfiles.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.36 2002/03/19 02:18:12 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.37 2002/04/04 04:25:45 momjian Exp $
 PostgreSQL documentation
 Complete list of usable sgml source files in this directory.
 -->
@@ -125,7 +125,6 @@ Complete list of usable sgml source files in this directory.
 <!entity pgCtl              system "pg_ctl-ref.sgml">
 <!entity pgDump             system "pg_dump.sgml">
 <!entity pgDumpall          system "pg_dumpall.sgml">
-<!entity pgPasswd           system "pg_passwd.sgml">
 <!entity pgRestore          system "pg_restore.sgml">
 <!entity pgTclSh            system "pgtclsh.sgml">
 <!entity pgTkSh             system "pgtksh.sgml">
--- a/doc/src/sgml/ref/pg_passwd.sgml
+++ b/doc/src/sgml/ref/pg_passwd.sgml
@@ -1,123 +0,0 @@
-<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.10 2001/12/08 03:24:38 thomas Exp $
-PostgreSQL documentation
-->
-
-<refentry id="APP-PG-PASSWD">
- <docinfo>
-  <date>2000-11-18</date>
- </docinfo>
-
- <refmeta>
-  <refentrytitle id="APP-PG-PASSWD-TITLE"><application>pg_passwd</application></refentrytitle>
-  <manvolnum>1</manvolnum>
-  <refmiscinfo>Application</refmiscinfo>
- </refmeta>
-
- <refnamediv>
-  <refname>pg_passwd</refname>
-  <refpurpose>change a secondary <productname>PostgreSQL</> password file</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
-  <cmdsynopsis>
-   <command>pg_passwd</command>
-   <arg choice="plain"><replaceable>filename</replaceable></arg>
-  </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="app-pg-passwd-description">
-  <title>Description</title>
-  <para>
-   <application>pg_passwd</application> is a tool for manipulating flat
-   text password files. These files can control client authentication of
-   the <productname>PostgreSQL</productname> server. More information
-   about setting up this authentication mechanism can be found in the
-   <citetitle>Administrator's Guide</citetitle>.
-  </para>
-
-  <para>
-   The format of a text password file is one entry per line; the fields
-   of each entry are separated by colons. The first field is the user
-   name, the second field is the encrypted password. Other fields are
-   ignored (to allow password files to be shared between applications
-   that use similar formats). <application>pg_passwd</application>
-   enables users to interactively add entries to such a file, to alter
-   passwords of existing entries, and to encrypt such passwords.
-  </para>
-
-  <para>
-   Supply the name of the password file as argument to the
-   <application>pg_passwd</application> command. To be used by
-   PostgreSQL, the file needs to be located in the server's data
-   directory, and the base name of the file needs to be specified in the
-   <filename>pg_hba.conf</filename> access control file.
-
-<screen>
-<prompt>$</prompt> <userinput>pg_passwd /usr/local/pgsql/data/passwords</userinput>
-<computeroutput>File "/usr/local/pgsql/data/passwords" does not exist.  Create? (y/n):</computeroutput> <userinput>y</userinput>
-<prompt>Username:</prompt> <userinput>guest</userinput>
-<prompt>Password:</prompt>
-<prompt>Re-enter password:</prompt>
-</screen>
-
-   where the <literal>Password:</literal> and <literal>Re-enter
-   password:</literal> prompts require the same password input which
-   is not displayed on the terminal.  Note that the password is limited
-   to eight useful characters by restrictions of the standard crypt(3)
-   library routine.
-  </para>
-
-  <para>
-   The original password file is renamed to
-   <filename>passwords.bk</filename>.
-  </para>
-
-  <para>
-   To make use of this password file, put a line like the following in
-   <filename>pg_hba.conf</filename>:
-
-<programlisting>
-host  mydb     133.65.96.250   255.255.255.255 password passwords
-</programlisting>
-
-   which would allow access to database mydb from host 133.65.96.250 using
-   the passwords listed in the <filename>passwords</filename> file (and
-   only to the users listed in that file).
-  </para>
-
-  <note>
-   <para>
-    It is also useful to have entries in a password file with empty
-    password fields. (This is different from an empty password.) Such
-    entries allow you to restrict users who can access the system. These
-    entries cannot be managed by <application>pg_passwd</application>,
-    but you can edit password files manually.
-   </para>
-  </note>
- </refsect1>
-
- <refsect1 id="app-pg-passwd-seealso">
-  <title>See also</title>
-  <para>
-   <citetitle>PostgreSQL Administrator's Guide</citetitle>
-  </para>
- </refsect1>
-</refentry>
-
-<!-- Keep this comment at the end of the file
-Local variables:
-mode: sgml
-sgml-omittag:nil
-sgml-shorttag:t
-sgml-minimize-attributes:nil
-sgml-always-quote-attributes:t
-sgml-indent-step:1
-sgml-indent-data:t
-sgml-parent-document:nil
-sgml-default-dtd-file:"../reference.ced"
-sgml-exposed-tags:nil
-sgml-local-catalogs:"/usr/lib/sgml/catalog"
-sgml-local-ecat-files:nil
-End:
-->