Hello, On Thu, 2019-09-19 at 12:30 +0200, Matthias Apitz wrote: > Hello, > > Our software, a huge ILS, is running on Linux with DBS Sybase. To > connect to the Sybase server (over the network, even on localhost), > credentials must be known: a user (say 'sisis') and its password. > > For Sybase we have them stored on the disk of the system in a file > syb.npw as: > > $ cat /opt/lib/sisis/etc/syb/syb.npw > sisis:e53902b9923ab2fb > sa:64406def48efca8c > > for the user 'sisis' and the administrator 'sa'. Our software has as > shared library a blob which knows how to decrypt the password hash > above > shown as 'e53902b9923ab2fb' into clear text which is then used in the > ESQL/C or Java layer to connect to the Sybase server. > > For PostgreSQL the password must be typed in (for pgsql) or can be > provided in an environment variable PGPASSWORD=blabla > > Is there somehow an API in PG to use ciphered passwords and provide > as a > shared library the blob to decrypt it? If not, we will use the > mechanism same as > we use for Sybase. Or any other idea to not make detectable the > credentials? This was a request of our customers some years ago. > > matthias > > https://www.postgresql.org/docs/11/auth-password.html Chapters 20.5 and 20.6 may give you more information. HTH, Robert
