From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Oliver Elphick <olly(at)lfix(dot)co(dot)uk> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, "J(dot)H(dot)M(dot) Dassen (Ray)" <jdassen(at)cistron-office(dot)nl>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [GENERAL] Re: Debian's PostgreSQL packages |
Date: | 2001-09-05 04:48:35 |
Message-ID: | 200109050448.f854mZ201972@candle.pha.pa.us |
Lists: | pgsql-general pgsql-hackers |
Funny, I found this going through my mailbox. Seems I was going to
return to this SO_PEERCRED anyway.
> Bruce Momjian wrote:
> >> > I think our current idea is to have people run local ident servers to
> >> > handle this. We don't have any OS-specific stuff in pg_hba.conf and I
> >> > am not sure if we want to add that complexity. What do others think?
> >>
> >> This is not any less "specific" than SSL or Kerberos. Note that opening a
> >> TCP/IP socket already opens a theoretical hole to the world. Unix domain
> >> is much safer.
> >
> >You can install SSL/Kerberos on any Unix, and many come pre-installed.
> >You can't add unix-domain socket user authentication to any OS.
> >
> >I assume most OS's have 127.0.0.1 set as loopback so there shouldn't be
> >a hole:
> >
> >127 127.0.0.1 UGRS 4352 lo0
> >127.0.0.1 127.0.0.1 UH 4352 lo0
> >
> >However, the security issue may make it worthwhile. Which OS's support
> >user authentication again, and can we test via configure? Maybe we can
> >strip out the mention in the pg_hba.conf file if it is not supported on
> >that OS.
>
> The security issue is why I developed it. There were complaints from people
> who did not want to have identd running at all.
>
> I think the feature is available in Linux, Solaris and some BSD. It can be
> tested for by whether SO_PEERCRED is defined in sys/socket.h.
>
> I don't see the need to strip mention from the comments in pg_hba.conf. The
> situation is no different from those systems which do not have Kerberos or
> SSL available.
>
> --
> Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
> Isle of Wight http://www.lfix.co.uk/oliver
> PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
> GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
> ========================================
> "I waited patiently for the LORD; and he inclined unto
> me, and heard my cry. He brought me up also out of an
> horrible pit, out of the miry clay, and set my feet
> upon a rock, and established my goings. And he hath
> put a new song in my mouth, even praise unto our God.
> Many shall see it, and fear, and shall trust in the
> LORD." Psalms 40:1-3
>
>
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026