| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Adrian(dot)Jackson(at)ioshq(dot)com |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: Authentication against /etc/passwd? |
| Date: | 2001-03-22 06:04:08 |
| Message-ID: | 21438.985241048@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
<Adrian(dot)Jackson(at)ioshq(dot)com> writes:
> Is there any way to authenticate users against the /etc/passwd (or
> /etc/shadow) file rather than the pg_shadow table? Is there any good
> reason for *not* wanting to do this
Postgres users are not the same as Unix users --- there's no
particularly good reason to assume that remote users of your
database will have accounts on the server machine. (In fact,
I'd say it's a more secure setup if they *don't*.)
There's also the small point that on well-secured systems, the
real passwords aren't in /etc/passwd at all, and the postmaster
certainly should not have privileges to read /etc/shadow.
If you insist on doing this (and you keep passwords in /etc/passwd),
I believe it would work to set up password auth with a flat password
file that's just a symlink to /etc/passwd. The format is deliberately
chosen to be compatible...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Vijay Deval | 2001-03-22 12:19:35 | Re: Join required?? |
| Previous Message | Anthony E . Greene | 2001-03-22 00:37:53 | Re: PAM support? (was: Authentication against /etc/passwd?) |