Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] pgsql/php3/apache authentication

From: Malcolm Beattie <mbeattie(at)sable(dot)ox(dot)ac(dot)uk>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Jim Mercer <jim(at)reptiles(dot)org>, pgsql-general(at)postgresql(dot)org, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [HACKERS] pgsql/php3/apache authentication
Date: 2000-04-27 09:51:32
Message-ID: 20000427105132.A31024@sable.ox.ac.uk (view raw or flat)
Thread:
Lists: pgsql-generalpgsql-hackers
Peter Eisentraut writes:
> On Wed, 26 Apr 2000, Jim Mercer wrote:
> 
> > - queries via localhost (unix domain sockets) should assume that the pg_user
> > is the same as the unix user running the process.
> 
> There's no way for the server to determine the system user name of the
> other end of a domain socket; at least no one has implemented one yet. So
> essentially this isn't going to work.

The client can pass an SCM_CREDENTIALS (Linux) or SCM_CREDS (BSDish)
socket control message down the Unix domain socket and the kernel will
fill in the client's credentials (including PID, uid and gid) for the
receiver to read. Some Unices don't support this though. If noone else
implements this, I'll try to find time to do it myself though I've
only touched the server side of pg authentication before and haven't
looked at what exactly the client side sends across already. Without
SCM_CRED[ENTIAL]S, it gets very messy passing reliable (or even
semi-reliable) authentication information. STREAMS has another way to
send/receive credentials but not via the socket API.

--Malcolm

-- 
Malcolm Beattie <mbeattie(at)sable(dot)ox(dot)ac(dot)uk>
Unix Systems Programmer
Oxford University Computing Services

In response to

Responses

pgsql-hackers by date

Next:From: Jim MercerDate: 2000-04-27 18:58:47
Subject: Re: [HACKERS] pgsql/php3/apache authentication
Previous:From: Jan WieckDate: 2000-04-27 09:17:39
Subject: Re: [HACKERS] pgsql/php3/apache authentication

pgsql-general by date

Next:From: Carsten HuettlDate: 2000-04-27 10:59:51
Subject: Re: pgsql odbc
Previous:From: Lincoln YeohDate: 2000-04-27 09:28:35
Subject: Re: pgsql DATE

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group