Refinements

f6bc9867 · Peter Eisentraut · 714384a0 · f6bc9867
Commit f6bc9867 authored Nov 18, 2000 by Peter Eisentraut
Hide whitespace changes
Inline Side-by-side

Showing with 71 additions and 118 deletions

doc/src/sgml/ref/pg_passwd.sgml doc/src/sgml/ref/pg_passwd.sgml +71 -118

No files found.
--- a/doc/src/sgml/ref/pg_passwd.sgml
+++ b/doc/src/sgml/ref/pg_passwd.sgml
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.3 2000/07/21 00:24:37 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.4 2000/11/18 19:05:58 petere Exp $
 Postgres documentation
 -->
 <refentry id="APP-PG-PASSWD">
+ <docinfo>
+  <date>2000-11-18</date>
+ </docinfo>
 <refmeta>
-  <refentrytitle id="APP-PG-PASSWD-TITLE">
+  <refentrytitle id="APP-PG-PASSWD-TITLE"><application>pg_passwd</application></refentrytitle>
-   <application>pg_passwd</application>
+  <manvolnum>1</manvolnum>
-  </refentrytitle>
  <refmiscinfo>Application</refmiscinfo>
 </refmeta>
 <refnamediv>
-  <refname>
+  <refname>pg_passwd</refname>
-   <application>pg_passwd</application>
+  <refpurpose>Manipulate a text password file</refpurpose>
-  </refname>
-  <refpurpose>
-   Manipulate the flat password file
-  </refpurpose>
 </refnamediv>
 <refsynopsisdiv>
-  <refsynopsisdivinfo>
+  <cmdsynopsis>
-   <date>1999-07-20</date>
+   <command>pg_passwd</command>
-  </refsynopsisdivinfo>
+   <arg choice="plain"><replaceable>filename</replaceable></arg>
-  <synopsis>
+  </cmdsynopsis>
-pg_passwd <replaceable class="parameter">filename</replaceable>
-  </synopsis>
 </refsynopsisdiv>
- <refsect1 id="R1-APP-PG-PASSWD-1">
+ <refsect1 id="app-pg-passwd-description">
-  <refsect1info>
+  <title>Description</title>
-   <date>1999-07-20</date>
-  </refsect1info>
-  <title>
-   Description
-  </title>
  <para>
-   <application>pg_passwd</application>
+   <application>pg_passwd</application> is a tool to manipulate a flat
-   is a tool to manipulate the
+   text password file for the purpose of using that file to control
-   flat password file functionality of
+   the client authentication of the
-   <productname>Postgres</productname>. This style of password
+   <productname>PostgreSQL</productname> server.  More information
-   authentication is not <emphasis>required</emphasis> in an
+   about setting up this authentication mechanism can be found in the
-   installation, but is one of several supported security mechanisms.
+   <citetitle>Administrator's Guide</citetitle>.
  </para>
  <para>
-   Specify the password file in the same style of
+   The form of a text password file is one entry per line; the fields
-   <literal>Ident</literal> authentication in
+   of each entry are separated by colons.  The first field is the user
-   <filename>$PGDATA/pg_hba.conf</filename>:
+   name, the second field is the encrypted password.  Other fields are
+   ignored (to allow password files to be shared between applications
-   <programlisting>
+   that use similar formats).  The functionality of the
-host  unv     133.65.96.250   255.255.255.255 password passwd
+   <application>pg_passwd</application> utility is to enable a user to
-   </programlisting>
+   interactively add entries to such a file, to alter passwords of
+   existing entries, and to take care of encrypting the passwords.
-   where the above line allows access from 133.65.96.250 using the passwords listed
-   in <filename>$PGDATA/passwd</filename>.
-   The format of the password file follows those of
-   <filename>/etc/passwd</filename>
-   and
-   <filename>/etc/shadow</filename>.
-   The first field is the user name, and  the second field
-   is the encrypted password.
-   The rest is completely ignored.
-   Thus the following three sample lines specify the same user and password pair:
-   <programlisting>
-pg_guest:/nB7.w5Auq.BY:10031::::::
-pg_guest:/nB7.w5Auq.BY:93001:930::/home/guest:/bin/tcsh
-pg_guest:/nB7.w5Auq.BY:93001
-   </programlisting>
  </para>
  <para>
-   Supply the password file to the pg_passwd command.
+   Supply the name of the password file as argument to the pg_passwd
-   In the case described above, after changing the working directory to
+   command.  To be of use for client authentication the file needs to
-   <envar>PGDATA</envar>, the following command execution specifies
+   be location in the server's data directory, and the base name of
-   the new password for <literal>pg_guest</literal>:
+   the file needs to be specified in the
+   <filename>pg_hba.conf</filename> access control file.
-   <programlisting>
-	$ pg_passwd passwd
+<screen>
-	Username: pg_guest
+<prompt>$</prompt> <userinput>pg_passwd /usr/local/pgsql/data/passwords</userinput>
-	Password:
+<computeroutput>File "/usr/local/pgsql/data/passwords" does not exist.  Create? (y/n):</computeroutput> <userinput>y</userinput>
-	Re-enter password:
+<prompt>Username:</prompt> <userinput>guest</userinput>
-   </programlisting>
+<prompt>Password:</prompt>
+<prompt>Re-enter password:</prompt>
-   where the <literal>Password:</literal>
+</screen>
-   and <literal>Re-enter password:</literal>
-   prompts require the same password input which are not displayed
+   where the <literal>Password:</literal> and <literal>Re-enter
-   on the terminal.
+   password:</literal> prompts require the same password input which
-   The original password file is renamed to
+   is not displayed on the terminal.
-   <filename>passwd.bk</filename>.
  </para>
  <para>
-   <application>psql</application>
+   The original password file is renamed to
-   uses the <option>-u</option>
+   <filename>passwords.bk</filename>.
-   option to invoke this style of
-   authentication.
  </para>
  <para>
-   The following lines show the sample usage of the option:
+   To make use of this password file, put a line like the following in
+   <filename>pg_hba.conf</filename>:
 <programlisting>
-$ psql -h hyalos -u unv
+host  unv     133.65.96.250   255.255.255.255 password passwords
-Username: pg_guest
+</programlisting>
-Password:
-Welcome to the POSTGRESQL interactive sql monitor:
-  Please read the file COPYRIGHT for copyright terms of POSTGRESQL
-   type \? for help on slash commands
-   type \q to quit
-   type \g or terminate with semicolon to execute query
- You are currently connected to the database: unv
-unv=>
-   </programlisting>
-  </para>
-  <para>
-   Perl5 authentication
-   uses the new style of the <filename>Pg.pm</filename> like this:
-   <programlisting>
+   which would allow access from host 133.65.96.250 using the
-$conn = Pg::connectdb("host=hyalos dbname=unv
+   passwords listed in the <filename>passwords</filename> file (and
-                       user=pg_guest password=xxxxxxx");
+   only to the users listed in the file).
-   </programlisting>
-   For more details, refer to 
-   <filename>src/interfaces/perl5/Pg.pm</filename>.
  </para>
-  <para>
+  <note>
-   Pg{tcl,tk}sh authentication
+   <para>
-   uses the
+    It is also useful to have entries in password file with an empty
-   <function>pg_connect</function>
+    password field.  (This is different from an empty password.)
-   command with the
+    These entries cannot be managed by
-   <option>-conninfo</option>
+    <application>pg_passwd</application>, but it is always possible to
-   option thusly:
+    edit password files manually.
+   </para>
-<programlisting>
+  </note>
-% set conn [pg_connect -conninfo \\
+ </refsect1>
-            "host=hyalos dbname=unv \\
-             user=pg_guest password=xxxxxxx "]
-   </programlisting>
-   You can list all of the keys for the option by executing the following
-   command:
-   <programlisting>
+ <refsect1 id="app-pg-passwd-seealso">
-% puts [ pg_conndefaults]
+  <title>See also</title>
-   </programlisting>
+  <para>
+   <citetitle>PostgreSQL Administrator's Guide</citetitle>
  </para>
 </refsect1>
 </refentry>