| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Jerry Asher <jerry(dot)nospam(at)theashergroup(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: restricting identd to just the loopback adapter. |
| Date: | 2003-01-28 13:58:57 |
| Message-ID: | 20030128135857.GA13823@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Sun, Jan 26, 2003 at 21:48:33 -0800,
Jerry Asher <jerry(dot)nospam(at)theashergroup(dot)com> wrote:
> I have installed running pg 7.2, and it apparently would like to have
> an identd server to help it establish who is who.
First off, are the users logging into the same machine that the database
server is running on? If so, than you don't need to run an ident server,
you can use domain sockets for connections and the getpeeruid function
will be used to do ident authentication.
> I installed pidentd from the red hat 8.0 distribution and started it
> up but, but looking over the conf files, there is apparently no way to
> restrict identd to listening/binding only to the localhost adapter.
You can use iptables to do this. Block tcp traffic to the identd port
that isn't coming from loopback (though this implies that you have the
situation above and shouldn't be using identd) or if the postgres
server is on another machine, restrict traffic based on IP address.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Javier Alperte | 2003-01-28 16:09:27 | Problem with BYTEA data types restoring dumped data from another postgres database |
| Previous Message | Nick Fankhauser | 2003-01-28 09:27:24 | Re: New User - Please Help |