获取 PostgreSQL 登录角色的加密密码
Get encrypted password for PostgreSQL login role
有没有办法从 PostgreSQL 服务器获取登录名的加密密码?
为了深入了解我的问题,我正在尝试通过 Ansible 管理 postgres 用户的密码。为此,我想检查加密密码的当前值(例如 'md5...'),看看它是否是最新的。如果不是,我会执行适当的 ALTER ROLL 命令来更新它。
我知道我可以使用 pg_dumpall 来 查看 密码,例如:
$ pg_dumpall --roles-only
<snip>
CREATE ROLE postgres;
ALTER ROLE postgres WITH ... PASSWORD 'md5...';
但这似乎不是一个非常可靠的方法。
尝试读取 rolpassword 字段。
SELECT rolpassword FROM pg_authid
The catalog pg_authid contains information about database
authorization identifiers (roles). A role subsumes the concepts of
"users" and "groups". A user is essentially just a role with the
rolcanlogin flag set. Any role (with or without rolcanlogin) can have
other roles as members; see pg_auth_members.
Since this catalog contains passwords, it must not be publicly
readable. pg_roles is a publicly readable view on pg_authid that
blanks out the password field.
Chapter 19 contains detailed information about user and privilege
management.
Because user identities are cluster-wide, pg_authid is shared across
all databases of a cluster: there is only one copy of pg_authid per
cluster, not one per database.
有没有办法从 PostgreSQL 服务器获取登录名的加密密码?
为了深入了解我的问题,我正在尝试通过 Ansible 管理 postgres 用户的密码。为此,我想检查加密密码的当前值(例如 'md5...'),看看它是否是最新的。如果不是,我会执行适当的 ALTER ROLL 命令来更新它。
我知道我可以使用 pg_dumpall 来 查看 密码,例如:
$ pg_dumpall --roles-only
<snip>
CREATE ROLE postgres;
ALTER ROLE postgres WITH ... PASSWORD 'md5...';
但这似乎不是一个非常可靠的方法。
尝试读取 rolpassword 字段。
SELECT rolpassword FROM pg_authid
The catalog pg_authid contains information about database authorization identifiers (roles). A role subsumes the concepts of "users" and "groups". A user is essentially just a role with the rolcanlogin flag set. Any role (with or without rolcanlogin) can have other roles as members; see pg_auth_members.
Since this catalog contains passwords, it must not be publicly readable. pg_roles is a publicly readable view on pg_authid that blanks out the password field.
Chapter 19 contains detailed information about user and privilege management.
Because user identities are cluster-wide, pg_authid is shared across all databases of a cluster: there is only one copy of pg_authid per cluster, not one per database.