Refinements

2025-07-28 23:42:10 +03:00 · 2000-11-18 19:05:58 +00:00
parent 714384a0b2
commit f6bc98679a
1 changed files with 72 additions and 119 deletions
--- a/doc/src/sgml/ref/pg_passwd.sgml
+++ b/doc/src/sgml/ref/pg_passwd.sgml
@ -1,153 +1,106 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.3 2000/07/21 00:24:37 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.4 2000/11/18 19:05:58 petere Exp $
 Postgres documentation
 -->
 <refentry id="APP-PG-PASSWD">
 <docinfo>
  <date>2000-11-18</date>
 </docinfo>
 <refmeta>
-  <refentrytitle id="APP-PG-PASSWD-TITLE">
+  <refentrytitle id="APP-PG-PASSWD-TITLE"><application>pg_passwd</application></refentrytitle>
-   <application>pg_passwd</application>
+  <manvolnum>1</manvolnum>
  </refentrytitle>
  <refmiscinfo>Application</refmiscinfo>
 </refmeta>
 <refnamediv>
-  <refname>
+  <refname>pg_passwd</refname>
-   <application>pg_passwd</application>
+  <refpurpose>Manipulate a text password file</refpurpose>
  </refname>
  <refpurpose>
   Manipulate the flat password file
  </refpurpose>
 </refnamediv>
 <refsynopsisdiv>
-  <refsynopsisdivinfo>
+  <cmdsynopsis>
-   <date>1999-07-20</date>
+   <command>pg_passwd</command>
-  </refsynopsisdivinfo>
+   <arg choice="plain"><replaceable>filename</replaceable></arg>
-  <synopsis>
+  </cmdsynopsis>
 pg_passwd <replaceable class="parameter">filename</replaceable>
  </synopsis>
 </refsynopsisdiv>
- <refsect1 id="R1-APP-PG-PASSWD-1">
+ <refsect1 id="app-pg-passwd-description">
-  <refsect1info>
+  <title>Description</title>
   <date>1999-07-20</date>
  </refsect1info>
  <title>
   Description
  </title>
  <para>
-   <application>pg_passwd</application>
+   <application>pg_passwd</application> is a tool to manipulate a flat
-   is a tool to manipulate the
+   text password file for the purpose of using that file to control
-   flat password file functionality of
+   the client authentication of the
-   <productname>Postgres</productname>. This style of password
+   <productname>PostgreSQL</productname> server.  More information
-   authentication is not <emphasis>required</emphasis> in an
+   about setting up this authentication mechanism can be found in the
-   installation, but is one of several supported security mechanisms.
+   <citetitle>Administrator's Guide</citetitle>.
  </para>
  <para>
-   Specify the password file in the same style of
+   The form of a text password file is one entry per line; the fields
-   <literal>Ident</literal> authentication in
+   of each entry are separated by colons.  The first field is the user
-   <filename>$PGDATA/pg_hba.conf</filename>:
+   name, the second field is the encrypted password.  Other fields are
-
+   ignored (to allow password files to be shared between applications
-   <programlisting>
+   that use similar formats).  The functionality of the
-host  unv     133.65.96.250   255.255.255.255 password passwd
+   <application>pg_passwd</application> utility is to enable a user to
-   </programlisting>
+   interactively add entries to such a file, to alter passwords of
-
+   existing entries, and to take care of encrypting the passwords.
   where the above line allows access from 133.65.96.250 using the passwords listed
   in <filename>$PGDATA/passwd</filename>.
   The format of the password file follows those of
   <filename>/etc/passwd</filename>
   and
   <filename>/etc/shadow</filename>.
   The first field is the user name, and  the second field
   is the encrypted password.
   The rest is completely ignored.
   Thus the following three sample lines specify the same user and password pair:
   <programlisting>
 pg_guest:/nB7.w5Auq.BY:10031::::::
 pg_guest:/nB7.w5Auq.BY:93001:930::/home/guest:/bin/tcsh
 pg_guest:/nB7.w5Auq.BY:93001
   </programlisting>
  </para>
  <para>
-   Supply the password file to the pg_passwd command.
+   Supply the name of the password file as argument to the pg_passwd
-   In the case described above, after changing the working directory to
+   command.  To be of use for client authentication the file needs to
-   <envar>PGDATA</envar>, the following command execution specifies
+   be location in the server's data directory, and the base name of
-   the new password for <literal>pg_guest</literal>:
+   the file needs to be specified in the
   <filename>pg_hba.conf</filename> access control file.
-   <programlisting>
+<screen>
-	$ pg_passwd passwd
+<prompt>$</prompt> <userinput>pg_passwd /usr/local/pgsql/data/passwords</userinput>
-	Username: pg_guest
+<computeroutput>File "/usr/local/pgsql/data/passwords" does not exist.  Create? (y/n):</computeroutput> <userinput>y</userinput>
-	Password:
+<prompt>Username:</prompt> <userinput>guest</userinput>
-	Re-enter password:
+<prompt>Password:</prompt>
-   </programlisting>
+<prompt>Re-enter password:</prompt>
 </screen>
-   where the <literal>Password:</literal>
+   where the <literal>Password:</literal> and <literal>Re-enter
-   and <literal>Re-enter password:</literal>
+   password:</literal> prompts require the same password input which
-   prompts require the same password input which are not displayed
+   is not displayed on the terminal.
-   on the terminal.
+  </para>
  <para>
   The original password file is renamed to
-   <filename>passwd.bk</filename>.
+   <filename>passwords.bk</filename>.
  </para>
  <para>
-   <application>psql</application>
+   To make use of this password file, put a line like the following in
-   uses the <option>-u</option>
+   <filename>pg_hba.conf</filename>:
   option to invoke this style of
   authentication.
  </para>
  <para>
   The following lines show the sample usage of the option:
 <programlisting>
-$ psql -h hyalos -u unv
+host  unv     133.65.96.250   255.255.255.255 password passwords
-Username: pg_guest
+</programlisting>
-Password:
+
-Welcome to the POSTGRESQL interactive sql monitor:
+   which would allow access from host 133.65.96.250 using the
-  Please read the file COPYRIGHT for copyright terms of POSTGRESQL
+   passwords listed in the <filename>passwords</filename> file (and
-   type \? for help on slash commands
+   only to the users listed in the file).
   type \q to quit
   type \g or terminate with semicolon to execute query
 You are currently connected to the database: unv
 unv=>
   </programlisting>
  </para>
  <note>
   <para>
-   Perl5 authentication
+    It is also useful to have entries in password file with an empty
-   uses the new style of the <filename>Pg.pm</filename> like this:
+    password field.  (This is different from an empty password.)
-
+    These entries cannot be managed by
-   <programlisting>
+    <application>pg_passwd</application>, but it is always possible to
-$conn = Pg::connectdb("host=hyalos dbname=unv
+    edit password files manually.
                       user=pg_guest password=xxxxxxx");
   </programlisting>
   For more details, refer to 
   <filename>src/interfaces/perl5/Pg.pm</filename>.
   </para>
  </note>
 </refsect1>
 <refsect1 id="app-pg-passwd-seealso">
  <title>See also</title>
  <para>
-   Pg{tcl,tk}sh authentication
+   <citetitle>PostgreSQL Administrator's Guide</citetitle>
   uses the
   <function>pg_connect</function>
   command with the
   <option>-conninfo</option>
   option thusly:
 <programlisting>
 % set conn [pg_connect -conninfo \\
            "host=hyalos dbname=unv \\
             user=pg_guest password=xxxxxxx "]
   </programlisting>
   You can list all of the keys for the option by executing the following
   command:
   <programlisting>
 % puts [ pg_conndefaults]
   </programlisting>
  </para>
 </refsect1>
 </refentry>