
Re: Permissions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Heath Johns <public(at)elesi(dot)org>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: Permissions
Date: 2001-02-27 23:08:04
Message-ID: 13283.983315284@sss.pgh.pa.us
Lists: pgsql-novice
Heath Johns <public(at)elesi(dot)org> writes:
> First off, thank you for your reply.  I have an additional problem
> however.  I have many stunnels (ssh like tcp tunnels) coming into this
> box that communicate with pgsql, all of which I need to password
> authenticate. They obviously only work on tcp sockets.  If I were to
> ident them, it would surely come back with the owner of the stunnel.
> Also, these tunnels map an external port to localhost, so I cannot do
> host based authentication.

Okay, that is a little bit messy.

> I would be more than happy if the situation were reversed, with unix
> users not requiring a password, and all tcp connections being password
> authenticated (which would seem to me the more logical arrangement).
> Unfortunately, there appears to be no way to do this.

Um, the users coming in through stunnels must reach the postmaster via
TCP, no?  Or are they first logging into local shells and then running
psql locally?  If they do use TCP connections then it seems like

	local	all trust
	host	all 127.0.0.1 255.255.255.255 password

will do what you just said.  The local users just have to be careful
not to set PGHOST ...

			regards, tom lane
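
Added example (not part of the original message and not PostgreSQL's own code): a small Python model of how the two records above are matched, assuming the first matching record decides the method and a connection with no matching record is refused. The helper names `parse_hba` and `auth_method` and the database name `sales` are made up for illustration.

```python
import ipaddress

# The two records from the message, in the column layout shown there:
# "local DB AUTH" and "host DB IP MASK AUTH".
HBA_TEXT = """\
local   all trust
host    all 127.0.0.1 255.255.255.255 password
"""

def parse_hba(text):
    """Parse records into dicts; blank lines and # comments are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local" and len(fields) == 3:
            records.append({"type": "local", "db": fields[1], "auth": fields[2]})
        elif fields[0] == "host" and len(fields) == 5:
            net = ipaddress.ip_network(f"{fields[2]}/{fields[3]}", strict=False)
            records.append({"type": "host", "db": fields[1], "net": net, "auth": fields[4]})
        else:
            raise ValueError(f"unrecognised record: {line!r}")
    return records

def auth_method(records, db, client_addr=None):
    """First matching record wins; client_addr=None models a Unix socket."""
    for rec in records:
        if rec["db"] not in ("all", db):
            continue
        if client_addr is None and rec["type"] == "local":
            return rec["auth"]
        if client_addr is not None and rec["type"] == "host":
            if ipaddress.ip_address(client_addr) in rec["net"]:
                return rec["auth"]
    return "reject"  # assumption: no matching record means the connection is refused

RECORDS = parse_hba(HBA_TEXT)
# Constructed sample connections; a client with PGHOST set connects over TCP.
CASES = {
    "psql over the Unix socket": auth_method(RECORDS, "sales"),
    "stunnel forwarding to 127.0.0.1": auth_method(RECORDS, "sales", "127.0.0.1"),
    "local user with PGHOST=127.0.0.1": auth_method(RECORDS, "sales", "127.0.0.1"),
    "TCP from 192.0.2.10 (no record)": auth_method(RECORDS, "sales", "192.0.2.10"),
}

if __name__ == "__main__":
    for label, method in CASES.items():
        print(f"{label}: {method}")
```

A local user who sets PGHOST lands on the `host` record and is asked for a password, which is the caveat at the end of the message.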
