Re: Re: [PATCHES] Allow IDENT authentication on local connections (Linux only)

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Not here on BSD/OS. I know I saw a Solaris patch that did exactly this
> and I questioned it because it was only for Solaris. Now that I
> research and I see different OS's doing this different ways, and I have
> mucked up hba.c already, it seemed like a good patch.

Well, if someone can come up with a way to do the same thing on other
platforms, we can easily fold it in.

Now that I think about it, it's silly to #ifdef SO_PEERCRED in three
places. We can reduce that to one place: make ident_unix always exist,
and have it do the test for supported-or-not:

#ifdef SO_PEERCRED
do it the Linux way
#else
report error "IDENT not supported on local connections"
#endif

Then adding variants for other platforms is just a matter of more ifdefs
in the one place. I'll take care of doing this in a little bit...

BTW, a question for Linuxers: Oliver's older patch did
setsockopt(SO_PASSCRED) before getsockopt(SO_PEERCRED), whereas Helge's
version did not. I included the PASSCRED step in what I committed,
because the Linux docs I had at hand implied it was needed. But
evidently it worked without it for Helge. Is there some variation among
Linux versions as to whether PASSCRED is enabled by default?

regards, tom lane