Re: Authentication against /etc/passwd?
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Adrian.Jackson@ioshq.com
Cc: pgsql-novice@postgresql.org
Date: 2001-03-22T06:04:08Z
Lists: pgsql-novice
<Adrian.Jackson@ioshq.com> writes: > Is there any way to authenticate users against the /etc/passwd (or > /etc/shadow) file rather than the pg_shadow table? Is there any good > reason for *not* wanting to do this Postgres users are not the same as Unix users --- there's no particularly good reason to assume that remote users of your database will have accounts on the server machine. (In fact, I'd say it's a more secure setup if they *don't*.) There's also the small point that on well-secured systems, the real passwords aren't in /etc/passwd at all, and the postmaster certainly should not have privileges to read /etc/shadow. If you insist on doing this (and you keep passwords in /etc/passwd), I believe it would work to set up password auth with a flat password file that's just a symlink to /etc/passwd. The format is deliberately chosen to be compatible... regards, tom lane