El día Thursday, September 19, 2019 a las 10:31:01PM +1000, rob stone escribió: > Hello, > > On Thu, 2019-09-19 at 12:30 +0200, Matthias Apitz wrote: > > Hello, > > > > Our software, a huge ILS, is running on Linux with DBS Sybase. To > > connect to the Sybase server (over the network, even on localhost), > > credentials must be known: a user (say 'sisis') and its password. > > > > For Sybase we have them stored on the disk of the system in a file > > syb.npw as: > > > > $ cat /opt/lib/sisis/etc/syb/syb.npw > > sisis:e53902b9923ab2fb > > sa:64406def48efca8c > > > > for the user 'sisis' and the administrator 'sa'. Our software has as > > shared library a blob which knows how to decrypt the password hash > > above > > shown as 'e53902b9923ab2fb' into clear text which is then used in the > > ESQL/C or Java layer to connect to the Sybase server. > > > > For PostgreSQL the password must be typed in (for pgsql) or can be > > provided in an environment variable PGPASSWORD=blabla > > > > Is there somehow an API in PG to use ciphered passwords and provide > > as a > > shared library the blob to decrypt it? If not, we will use the > > mechanism same as > > we use for Sybase. Or any other idea to not make detectable the > > credentials? This was a request of our customers some years ago. > > > > > https://www.postgresql.org/docs/11/auth-password.html > > Chapters 20.5 and 20.6 may give you more information. The form of the password hash store in the PG server or interchange over the network is not my question. The question is more: When the Linux server starts and with this the (ESQL/C written) application servers are starting, they need the password to connect and this is not provided at this moment from some keyboard or humanbeing. It must be stored on the server and available in clear for the server, but not for other eyes on the server, i.e. the place of the sorage must be ciphered. matthias -- Matthias Apitz, ✉ guru@xxxxxxxxxxx, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub May, 9: Спаси́бо освободители! Thank you very much, Russian liberators!
