| From: | Philip Warner <pjw(at)rhyme(dot)com(dot)au> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Security choices... |
| Date: | 2000-08-05 00:13:54 |
| Message-ID: | 3.0.5.32.20000805101354.01d91100@mail.rhyme.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
At 18:34 4/08/00 -0400, Bruce Momjian wrote:
>[ Charset ISO-8859-1 unsupported, converting... ]
>> Philip Warner writes:
>>
>> > Is there any reason that a security model does not exist for psql that
>> > allows Unix user 'fred' to log in as PG user 'fred' with no password etc,
>> > but any user trying to log on as someone other than themselves has to
>> > provide a password?
>>
>> Short of someone sitting down and making it happen I don't see any. You'd
>> only need to implement some sort of fall-through in `pg_hba.conf', which
>> in my estimate can't be exceedingly hard.
>
>How do you know Fred is Fred without a password?
>
The idea was to apply only on the matchine on which the postmaster runs;
then ideally you get the username of the client process. It's kind of like
IDENT, except it works only for local connections, and asks for passwords
for non-local connections.
----------------------------------------------------------------
Philip Warner | __---_____
Albatross Consulting Pty. Ltd. |----/ - \
(A.C.N. 008 659 498) | /(@) ______---_
Tel: (+61) 0500 83 82 81 | _________ \
Fax: (+61) 0500 83 82 82 | ___________ |
Http://www.rhyme.com.au | / \|
| --________--
PGP key available upon request, | /
and from pgp5.ai.mit.edu:11371 |/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Philip Warner | 2000-08-05 00:16:17 | Re: Security choices... |
| Previous Message | Henry B. Hotz | 2000-08-04 22:50:42 | Re: Installation Report for powerpc-apple-netbsdelf1.5 |