<!--

$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.5 2000/12/25 23:15:26 petere Exp $

$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.6 2001/02/20 01:16:49 tgl Exp $

Postgres documentation

-->

<para>

<application>pg_passwd</application> is a tool to manipulate a flat

text password file for the purpose of using that file to control

theclient authentication of the

client authentication of the

<productname>PostgreSQL</productname> server. More information

about setting up this authentication mechanism can be found in the

<citetitle>Administrator's Guide</citetitle>.

<para>

Supply the name of the password file as argument to the <application>pg_passwd</application>

command. To be of use for client authentication the file needs to

belocation in the server's data directory, and the base name of

belocated in the server's data directory, and the base name of

the file needs to be specified in the

<filename>pg_hba.conf</filename> access control file.

where the <literal>Password:</literal> and <literal>Re-enter

password:</literal> prompts require the same password input which

is not displayed on the terminal.

is not displayed on the terminal. Note that the password is limited

to eight useful characters by restrictions of the standard crypt(3)

library routine.

</para>

<para>

<filename>pg_hba.conf</filename>:

<programlisting>

hostunv 133.65.96.250 255.255.255.255 password passwords

hostmydb 133.65.96.250 255.255.255.255 password passwords

</programlisting>

which would allow access from host 133.65.96.250 using the

passwords listed in the <filename>passwords</filename> file (and

only to the users listed inthe file).

which would allow accessto database mydbfrom host 133.65.96.250 using

thepasswords listed in the <filename>passwords</filename> file (and

only to the users listed inthat file).

</para>

<note>

#definePG_PASSWD_LEN 13/* not including null */

#defineCLEAR_PASSWD_LEN 8/* not including null */

#defineCRYPTED_PASSWD_LEN 13/* not including null */

constchar*progname;

staticvoidusage(void);

staticvoidread_pwd_file(char*filename);

staticvoidwrite_pwd_file(char*filename,char*bkname);

staticvoidencrypt_pwd(charkey[9],charsalt[3],charpasswd[PG_PASSWD_LEN+1]);

staticvoidencrypt_pwd(charkey[CLEAR_PASSWD_LEN+1],

charsalt[3],

charpasswd[CRYPTED_PASSWD_LEN+1]);

staticvoidprompt_for_username(char*username);

staticvoidprompt_for_password(char*prompt,char*password);

}

for (npwds=0;npwds<MAXPWDS&&fgets(line,512,fp)!=NULL;++npwds)

for (npwds=0;

npwds<MAXPWDS&&fgets(line,sizeof(line),fp)!=NULL;

++npwds)

{

intl;

char*p,

}

pwds[npwds].uname=strdup(p);

for (i=0;i<npwds;++i)

{

if (strcmp(pwds[i].uname,pwds[npwds].uname)==0)

{

fprintf(stderr,"Duplicated entry: %s\n",

pwds[npwds].uname);

fprintf(stderr,"Duplicate username %s in entry %d\n",

pwds[npwds].uname,npwds+1);

exit(1);

}

}

if (q!=NULL)

*(q++)='\0';

if (strlen(p)!=PG_PASSWD_LEN&&strcmp(p,"+")!=0)

if (strlen(p)!=CRYPTED_PASSWD_LEN&&strcmp(p,"+")!=0)

{

fprintf(stderr,"%s:%d: warning: invalid password length\n",

filename,npwds+1);

}

encrypt_pwd(charkey[9],charsalt[3],charpasswd[PG_PASSWD_LEN+1])

encrypt_pwd(charkey[CLEAR_PASSWD_LEN+1],

charsalt[3],

charpasswd[CRYPTED_PASSWD_LEN+1])

{

intn;

if (salt[0]=='\0')

{

srand(time(NULL));

salt[1]=n;

salt[2]='\0';

}

strcpy(passwd,crypt(key,salt));

}

check_pwd(charkey[9],charpasswd[PG_PASSWD_LEN+1])

{

charshouldbe[PG_PASSWD_LEN+1];

charsalt[3];

salt[0]=passwd[0];

salt[1]=passwd[1];

salt[2]='\0';

encrypt_pwd(key,salt,shouldbe);

returnstrncmp(shouldbe,passwd,PG_PASSWD_LEN)==0 ?1 :0;

}

fprintf(stderr,"key = %s, salt = %s, password = %s\n",

key,salt,passwd);

}

prompt_for_username(char*username)

printf("Username: ");

fflush(stdout);

if (fgets(username,9,stdin)==NULL)

if (fgets(username,NAMEDATALEN,stdin)==NULL)

username[0]='\0';

length=strlen(username);

printf(prompt);

fflush(stdout);

tcgetattr(0,&t);

t_orig=t;

t.c_lflag &= ~ECHO;

tcsetattr(0,TCSADRAIN,&t);

if (fgets(password,9,stdin)==NULL)

printf(prompt);

fflush(stdout);

if (fgets(password,CLEAR_PASSWD_LEN+1,stdin)==NULL)

password[0]='\0';

tcsetattr(0,TCSADRAIN,&t_orig);

main(intargc,char*argv[])

{

staticcharbkname[MAXPGPATH];

char*filename;

charusername[9];

charbkname[MAXPGPATH];

charusername[NAMEDATALEN];

charsalt[3];

charkey[9],

key2[9];

chare_passwd[PG_PASSWD_LEN+1];

charkey[CLEAR_PASSWD_LEN+1],

key2[CLEAR_PASSWD_LEN+1];

chare_passwd[CRYPTED_PASSWD_LEN+1];

inti;

progname=argv[0];

prompt_for_username(username);

prompt_for_password("New password: ",key);

prompt_for_password("Re-enter new password: ",key2);

if (strncmp(key,key2,8)!=0)

if (strcmp(key,key2)!=0)

{

fprintf(stderr,"Password mismatch\n");

exit(1);

{/* did not exist */

if (npwds==MAXPWDS)

{

fprintf(stderr,"Cannot handle somay entries\n");

fprintf(stderr,"Cannot handle somany entries\n");

exit(1);

}

pwds[npwds].uname=strdup(username);