From: | Oliver Jowett <oliver(at)opencloud(dot)com> |
---|---|
To: | Blaine Simpson <blaine(dot)simpson(at)admc(dot)com> |
Cc: | "pgsql-jdbc(at)postgresql(dot)org" <pgsql-jdbc(at)postgresql(dot)org> |
Subject: | Re: JDBC connection issue |
Date: | 2004-07-22 02:27:11 |
Message-ID: | 40FF25FF.6030307@opencloud.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
Blaine Simpson wrote:
> Oliver Jowett wrote:
>
>> Blaine Simpson wrote:
>>
>>> Oliver Jowett wrote:
>>>
>>>> Blaine Simpson wrote:
>>>>
>>>>> You don't need an ident server if you use "md5", you do need an
>>>>> ident server if you
>>>>> use "trust".
To reiterate -- the second half of this statement is wrong.
> The reason I question the implication is not that I can't read, but
> because I have tried to use
> psql (not JDBC) over tcpip sockets with "ident", and, what do you know,
> just like Kris said,
> there were system log messages about ident failures. This is because
> identd is disabled on
> our servers and blocked by our firewalls.
Sure -- to use ident authentication over TCP/IP, you need an ident
server. There's no disagreement there. But trust authentication is a
completely separate mechanism. It does not require an ident server.
To make sure I wasn't going crazy, I just doublechecked against the
7.4.1 server here. It does not make outgoing ident connections when
accepting connections from an IP that is configured for 'trust'.
>>> But, as I've found in practice, and as Kris Jurka has pointed out,
>>> you do have to satisfy ident
>>> protocol requirements to use trust with network sockets.
[... more about ident authentication needing an ident server ...]
I'm not disagreeing with you about ident authentication -- it's trust
authentication we're talking about.
-O
From | Date | Subject | |
---|---|---|---|
Next Message | Oliver Jowett | 2004-07-22 11:32:16 | Re: [JDBC] V3 protocol + DECLARE problems |
Previous Message | Blaine Simpson | 2004-07-21 23:41:02 | Re: JDBC connection issue |