path: root/doc/src/sgml/ref/pg_passwd.sgml

<!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.4 2000/11/18 19:05:58 petere Exp $
Postgres documentation
-->

<refentry id="APP-PG-PASSWD">
 <docinfo>
  <date>2000-11-18</date>
 </docinfo>

 <refmeta>
  <refentrytitle id="APP-PG-PASSWD-TITLE"><application>pg_passwd</application></refentrytitle>
  <manvolnum>1</manvolnum>
  <refmiscinfo>Application</refmiscinfo>
 </refmeta>

 <refnamediv>
  <refname>pg_passwd</refname>
  <refpurpose>Manipulate a text password file</refpurpose>
 </refnamediv>

 <refsynopsisdiv>
  <cmdsynopsis>
   <command>pg_passwd</command>
   <arg choice="plain"><replaceable>filename</replaceable></arg>
  </cmdsynopsis>
 </refsynopsisdiv>

 <refsect1 id="app-pg-passwd-description">
  <title>Description</title>
  <para>
   <application>pg_passwd</application> is a tool to manipulate a flat
   text password file for the purpose of using that file to control
   the client authentication of the
   <productname>PostgreSQL</productname> server.  More information
   about setting up this authentication mechanism can be found in the
   <citetitle>Administrator's Guide</citetitle>.
  </para>

  <para>
   The form of a text password file is one entry per line; the fields
   of each entry are separated by colons.  The first field is the user
   name, the second field is the encrypted password.  Other fields are
   ignored (to allow password files to be shared between applications
   that use similar formats).  The functionality of the
   <application>pg_passwd</application> utility is to enable a user to
   interactively add entries to such a file, to alter passwords of
   existing entries, and to take care of encrypting the passwords.
  </para>

  <para>
   Supply the name of the password file as argument to the pg_passwd
   command.  To be of use for client authentication the file needs to
   be location in the server's data directory, and the base name of
   the file needs to be specified in the
   <filename>pg_hba.conf</filename> access control file.

<screen>
<prompt>$</prompt> <userinput>pg_passwd /usr/local/pgsql/data/passwords</userinput>
<computeroutput>File "/usr/local/pgsql/data/passwords" does not exist.  Create? (y/n):</computeroutput> <userinput>y</userinput>
<prompt>Username:</prompt> <userinput>guest</userinput>
<prompt>Password:</prompt>
<prompt>Re-enter password:</prompt>
</screen>

   where the <literal>Password:</literal> and <literal>Re-enter
   password:</literal> prompts require the same password input which
   is not displayed on the terminal.
  </para>

  <para>
   The original password file is renamed to
   <filename>passwords.bk</filename>.
  </para>

  <para>
   To make use of this password file, put a line like the following in
   <filename>pg_hba.conf</filename>:

<programlisting>
host  unv     133.65.96.250   255.255.255.255 password passwords
</programlisting>

   which would allow access from host 133.65.96.250 using the
   passwords listed in the <filename>passwords</filename> file (and
   only to the users listed in the file).
  </para>

  <note>
   <para>
    It is also useful to have entries in password file with an empty
    password field.  (This is different from an empty password.)
    These entries cannot be managed by
    <application>pg_passwd</application>, but it is always possible to
    edit password files manually.
   </para>
  </note>
 </refsect1>

 <refsect1 id="app-pg-passwd-seealso">
  <title>See also</title>
  <para>
   <citetitle>PostgreSQL Administrator's Guide</citetitle>
  </para>
 </refsect1>
</refentry>

<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:nil
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:"../reference.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:"/usr/lib/sgml/catalog"
sgml-local-ecat-files:nil
End:
-->