PostgreSQL Reference Manual - Volume 3 - Server Administration Guide by The PostgreSQL Global Development Group Paperback (6"x9"), 204 pages ISBN 0954612043 RRP £13.95 ($24.95) Sales of this book support the PostgreSQL project! Get a printed copy>>>

PostgreSQL Reference Manual Volume 3 Buy the book here! >>> only $24.95

7.2.2 Password authentication

The password-based authentication methods are md5, crypt, and password. These methods operate similarly except for the way that the password is sent across the connection: respectively, MD5-hashed, crypt-encrypted, and clear-text. A limitation is that the crypt method does not work with passwords that have been encrypted in pg_authid.

If you are at all concerned about password “sniffing” attacks then md5 is preferred, with crypt to be used only if you must support pre-7.2 clients. Plain password should be avoided especially for connections over the open Internet (unless you use SSL, SSH, or another communications security wrapper around the connection).

PostgreSQL database passwords are separate from operating system user passwords. The password for each database user is stored in the pg_authid system catalog. Passwords can be managed with the SQL commands CREATE USER and ALTER USER, e.g., CREATE USER foo WITH PASSWORD 'secret';. By default, that is, if no password has been set up, the stored password is null and password authentication will always fail for that user.