Skip site navigation (1) Skip section navigation (2)

Re: Help with access control settings in pg_hba.conf --

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Victor Danilchenko <danilche(at)cs(dot)umass(dot)edu>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Help with access control settings in pg_hba.conf --
Date: 2005-01-27 17:57:33
Message-ID: 20050127175733.GB23613@wolff.to (view raw or flat)
Thread:
Lists: pgsql-admin
On Thu, Jan 27, 2005 at 12:22:06 -0500,
  Victor Danilchenko <danilche(at)cs(dot)umass(dot)edu> wrote:
> 
> 	the solution was in disabling the 'result:encrypt' option
> (setting it to 'no') in the /etc/identd.conf file. Once I did that,
> IDENT started returning plaintext names instead of encrypted strings,
> and clearly PostgreSQL ident client doesn't know how to handle encrypted
> IDENT responses. Something to fix in the future release perhaps? or
> maybe it's fixed already...

When you encrypt names for ident, the other host isn't supposed to be
able to figure out who is making the request. If the remote site has
a problem they can give the string back to the connecting site's admins
and then they can figure out who is causing problems.

If you are actually using ident for authentication, you don't want to use
the encrypted mode unless you are willing to modify applications so that
they can decrypt the ident strings.

In response to

Responses

pgsql-admin by date

Next:From: Zebic AdiDate: 2005-01-27 18:52:30
Subject: postgresql install problem
Previous:From: Victor DanilchenkoDate: 2005-01-27 17:22:06
Subject: Re: Help with access control settings in pg_hba.conf --

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group