diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_role.sgml
index 9af33ce212..60dce9b298 100644
--- a/doc/src/sgml/ref/create_role.sgml
+++ b/doc/src/sgml/ref/create_role.sgml
@@ -1,5 +1,5 @@
@@ -188,10 +188,13 @@ where option can be:
Sets the role's password. (A password is only of use for
- roles having the LOGIN attribute, but you can
- nonetheless define one for roles without it.)
- If you do not plan to use password
- authentication you can omit this option.
+ roles having the LOGIN attribute, but you
+ can nonetheless define one for roles without it.) If you do
+ not plan to use password authentication you can omit this
+ option. If no password is specified, the password will be set
+ to null and password authentication will always fail for that
+ user. A null password can optionally be written explicitly as
+ PASSWORD NULL.
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 381ebe24ad..0ffcc21501 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.166 2005/11/22 18:17:09 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.167 2005/12/23 16:46:39 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -225,7 +225,7 @@ CreateRole(CreateRoleStmt *stmt)
defel->defname);
}
- if (dpassword)
+ if (dpassword && dpassword->arg)
password = strVal(dpassword->arg);
if (dissuper)
issuper = intVal(dissuper->arg) != 0;
@@ -517,7 +517,7 @@ AlterRole(AlterRoleStmt *stmt)
defel->defname);
}
- if (dpassword)
+ if (dpassword && dpassword->arg)
password = strVal(dpassword->arg);
if (dissuper)
issuper = intVal(dissuper->arg);
@@ -573,7 +573,7 @@ AlterRole(AlterRoleStmt *stmt)
!dconnlimit &&
!rolemembers &&
!validUntil &&
- password &&
+ dpassword &&
roleid == GetUserId()))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
@@ -651,6 +651,13 @@ AlterRole(AlterRoleStmt *stmt)
new_record_repl[Anum_pg_authid_rolpassword - 1] = 'r';
}
+ /* unset password */
+ if (dpassword && dpassword->arg == NULL)
+ {
+ new_record_repl[Anum_pg_authid_rolpassword - 1] = 'r';
+ new_record_nulls[Anum_pg_authid_rolpassword - 1] = 'n';
+ }
+
/* valid until */
if (validUntil)
{
diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index 16fdde7b9b..4a006bd169 100644
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.517 2005/12/11 10:54:27 neilc Exp $
+ * $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.518 2005/12/23 16:46:39 petere Exp $
*
* HISTORY
* AUTHOR DATE MAJOR EVENT
@@ -616,6 +616,10 @@ OptRoleElem:
$$ = makeDefElem("password",
(Node *)makeString($2));
}
+ | PASSWORD NULL_P
+ {
+ $$ = makeDefElem("password", NULL);
+ }
| ENCRYPTED PASSWORD Sconst
{
$$ = makeDefElem("encryptedPassword",