Skip site navigation (1) Skip section navigation (2)

Re: [PATCHES] Solaris ident authentication using unix domain sockets

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, Garick Hamlin <ghamlin(at)isc(dot)upenn(dot)edu>, pgsql-patches(at)postgresql(dot)org
Subject: Re: [PATCHES] Solaris ident authentication using unix domain sockets
Date: 2008-07-06 04:51:45
Message-ID: 23040.1215319905@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Robert Treat wrote:
>> Hmm... I've always been told that Solaris didn't support this because the 
>> Solaris developers feel that IDENT is inherently insecure.

> We don't actually use the Ident protocol for Unix sockets on any 
> platform.

Indeed.  If the Solaris folk feel that getupeercred() is insecure,
they had better explain why their kernel is that broken.  This is
entirely unrelated to the known shortcomings of the "ident" IP
protocol.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2008-07-06 05:19:19
Subject: Re: time_stamp type
Previous:From: David E. WheelerDate: 2008-07-06 00:47:11
Subject: Re: PATCH: CITEXT 2.0

pgsql-patches by date

Next:From: Tom LaneDate: 2008-07-06 05:53:20
Subject: Re: pgbench minor fixes
Previous:From: Andrew DunstanDate: 2008-07-05 23:13:32
Subject: Re: [PATCHES] Solaris ident authentication using unix domain sockets

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group