From d762425ad8b5ea9b2dba201601641d0b91af1ca5 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Wed, 6 Feb 2019 22:07:42 +0100 Subject: [PATCH] Remove outdated auth_file documentation Once upon a time, one could point auth_file to pg_auth in the PostgreSQL data directory, but this is long obsolete (gone as of PostgreSQL 9.0), so remove mentions of it. --- doc/config.rst | 18 ++++++------------ etc/pgbouncer.ini | 1 - etc/small.ini | 1 - src/loader.c | 4 ++-- test/test.ini | 1 - 5 files changed, 8 insertions(+), 17 deletions(-) diff --git a/doc/config.rst b/doc/config.rst index 44e703a..86b2c67 100644 --- a/doc/config.rst +++ b/doc/config.rst @@ -84,10 +84,7 @@ Default: not set auth_file --------- -The name of the file to load user names and passwords from. The file format -is the same as the PostgreSQL 8.x pg_auth/pg_pwd file, so this setting can be -pointed directly to one of those backend files. Since version 9.0, PostgreSQL -does not use such text file, so it must be generated manually. See +The name of the file to load user names and passwords from. See section `Authentication file format`_ below about details. Default: not set. @@ -990,14 +987,6 @@ There should be at least 2 fields, surrounded by double quotes. The first field is the username and the second is either a plain-text or a MD5-hidden password. PgBouncer ignores the rest of the line. -This file format is equivalent to text files used by PostgreSQL 8.x -for authentication info, thus allowing PgBouncer to work directly -on PostgreSQL authentication files in data directory. - -Since PostgreSQL 9.0, the text files are not used anymore. Thus the -auth file needs to be generated. See `./etc/mkauth.py` for sample script -to generate auth file from `pg_shadow` table. - PostgreSQL MD5-hidden password format:: "md5" + md5(password + username) @@ -1005,6 +994,11 @@ PostgreSQL MD5-hidden password format:: So user `admin` with password `1234` will have MD5-hidden password `md545f2603610af569b6155c45067268c6b`. +The authentication file can be written by hand, but it's also useful +to generate it from some other list of users and passwords. See +`./etc/mkauth.py` for a sample script to generate the authentication +file from the `pg_shadow` system table. + HBA file format =============== diff --git a/etc/pgbouncer.ini b/etc/pgbouncer.ini index 1ce88a7..67cc94e 100644 --- a/etc/pgbouncer.ini +++ b/etc/pgbouncer.ini @@ -104,7 +104,6 @@ listen_port = 6432 ; any, trust, plain, crypt, md5, cert, hba, pam auth_type = trust -;auth_file = /8.0/main/global/pg_auth auth_file = /etc/pgbouncer/userlist.txt ;; Path to HBA-style auth config diff --git a/etc/small.ini b/etc/small.ini index 47025f4..1cae773 100644 --- a/etc/small.ini +++ b/etc/small.ini @@ -19,7 +19,6 @@ unix_socket_dir = /tmp ; any, trust, plain, crypt, md5 auth_type = trust -#auth_file = 8.0/main/global/pg_auth auth_file = etc/userlist.txt ; session, transaction, statement diff --git a/src/loader.c b/src/loader.c index 355bd7b..13323f6 100644 --- a/src/loader.c +++ b/src/loader.c @@ -17,7 +17,7 @@ */ /* - * Config and pg_auth file reading. + * Config and auth file reading. */ #include "bouncer.h" @@ -546,7 +546,7 @@ static void disable_users(void) } } -/* load list of users from pg_auth/pg_psw file */ +/* load list of users from auth_file */ bool load_auth_file(const char *fn) { char *user, *password, *buf, *p; diff --git a/test/test.ini b/test/test.ini index 0045cbd..374bc26 100644 --- a/test/test.ini +++ b/test/test.ini @@ -33,7 +33,6 @@ unix_socket_dir = /tmp ; any, trust, plain, crypt, md5 auth_type = trust -#auth_file = 8.0/main/global/pg_auth auth_file = userlist.txt ;;; -- 2.40.0