pg_passwd is a tool to manipulate a flat text password file for the purpose of using that file to control client authentication of the PostgreSQL server. You can find more information about setting up this authentication mechanism in Chapter 2.
The form of a text password file is one entry per line; the fields of each entry are separated by colons. The first field is the user name, the second field is the encrypted password. Other fields are ignored (to allow password files to be shared between applications that use similar formats). The pg_passwd utility enables a user to interactively add entries to such a file, to alter passwords of existing entries, and to take care of encrypting the passwords.
Supply the name of the password file as the argument to the pg_passwd command. In order to be used for client authentication, the file must be located in the server's data directory, and the base name of the file must be specified in the pg_hba.conf access control file.
$ pg_passwd /var/lib/pgsql/data/passwords
File "/var/lib/pgsql/data/passwords" does not exist. Create? (y/n): y
Username: guest
Password:
Re-enter password:
The original password file is renamed to passwords.bk.
To make use of this password file, put a line like the following in pg_hba.conf:
host mydb 133.65.96.250 255.255.255.255 password passwords
It is also useful to have entries in a password file with an empty password field. (This is different from an empty password.) These entries cannot be managed by pg_passwd, but it is always possible to edit password files manually.
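The file format described above, and the entries with an empty password field that pg_passwd cannot manage, can be checked with a small parser. This is an added example, not part of the PostgreSQL documentation or the pg_passwd source; the function names, the finding labels, and the separate handling of a line with no second field at all are assumptions made for illustration.

```python
from collections import Counter
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    lineno: int
    user: str
    password: Optional[str]  # None: the line has no second field at all

def parse_password_file(text):
    """Parse 'user:encrypted_password[:ignored...]' lines into Entry tuples."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines carry no entry
        fields = line.split(":")
        # Fields after the second are ignored, as the format allows.
        password = fields[1] if len(fields) > 1 else None
        entries.append(Entry(lineno, fields[0], password))
    return entries

def audit(text):
    """Return (lineno, user, finding) tuples for entries worth reviewing."""
    entries = parse_password_file(text)
    seen = Counter(e.user for e in entries)
    findings = []
    for e in entries:
        if not e.user:
            findings.append((e.lineno, e.user, "empty user name"))
        if e.password is None:
            findings.append((e.lineno, e.user, "no password field"))
        elif e.password == "":
            # Present but empty: an entry pg_passwd cannot manage.
            findings.append((e.lineno, e.user, "empty password field"))
        if seen[e.user] > 1:
            findings.append((e.lineno, e.user, "duplicate user name"))
    return findings

# Constructed sample file; the password values are placeholders, not real hashes.
SAMPLE = """guest:PLACEHOLDERHASH1
alice:PLACEHOLDERHASH2:1001:ignored by the server
bob:
carol
guest:PLACEHOLDERHASH3
"""

if __name__ == "__main__":
    for lineno, user, finding in audit(SAMPLE):
        print(f"line {lineno}: {user!r}: {finding}")
```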