Re: restricting identd to just the loopback adapter.

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Jerry Asher <jerry(dot)nospam(at)theashergroup(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: restricting identd to just the loopback adapter.
Date: 2003-01-28 13:58:57
Message-ID: 20030128135857.GA13823@wolff.to
Lists: pgsql-admin
On Sun, Jan 26, 2003 at 21:48:33 -0800,
  Jerry Asher <jerry(dot)nospam(at)theashergroup(dot)com> wrote:
> I have installed running pg 7.2, and it apparently would like to have
> an identd server to help it establish who is who.

First off, are the users logging into the same machine that the database
server is running on? If so, then you don't need to run an ident server,
you can use domain sockets for connections and the getpeeruid function
will be used to do ident authentication.

> I installed pidentd from the red hat 8.0 distribution and started it
> up, but looking over the conf files, there is apparently no way to
> restrict identd to listening/binding only to the localhost adapter.

You can use iptables to do this. Block tcp traffic to the identd port
that isn't coming from loopback (though this implies that you have the
situation above and shouldn't be using identd) or if the postgres
server is on another machine, restrict traffic based on IP address.
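
The iptables approach described in the reply above, as an added example that is not part of the original message: a small generator that prints the rules for both cases, loopback only or loopback plus one PostgreSQL server address. The function name `identd_rules` and the address 192.0.2.10 used in the usage comment are constructed for illustration; the rules assume identd listens on the standard ident port 113 and that no earlier INPUT rule already accepts the traffic.

```shell
#!/bin/sh
# Added example: print iptables rules that limit who can reach identd.
# Usage: identd_rules [PG_SERVER_IP]
#   no argument  -> only loopback may reach identd
#   PG_SERVER_IP -> loopback plus that single address (e.g. 192.0.2.10,
#                   a constructed documentation address)
IDENT_PORT=113   # standard ident/auth port (assumption: identd uses it)

identd_rules() {
    pg_server="$1"

    # Accept only digits, dots and an optional /prefix, so nothing but an
    # address can end up on the generated command line.
    case "$pg_server" in
        *[!0-9./]*)
            echo "identd_rules: not an IPv4 address: $pg_server" >&2
            return 1
            ;;
    esac

    # Loopback traffic is always allowed.
    echo "iptables -A INPUT -i lo -p tcp --dport $IDENT_PORT -j ACCEPT"

    # Remote PostgreSQL server: allow only its source address.
    if [ -n "$pg_server" ]; then
        echo "iptables -A INPUT -p tcp -s $pg_server --dport $IDENT_PORT -j ACCEPT"
    fi

    # Everything else gets a TCP reset instead of a silent drop, so peers
    # that query ident fail fast rather than waiting for a timeout.
    echo "iptables -A INPUT -p tcp --dport $IDENT_PORT -j REJECT --reject-with tcp-reset"
}

# Print the rules for review; nothing is applied here.
identd_rules "$@"
```

The script only prints the commands; after reviewing them, pipe the output to `sh` as root to apply them.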
