From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: server authentication over Unix-domain sockets |
Date: | 2010-06-11 12:08:59 |
Message-ID: | AANLkTild-Z3t_8XSd7qtOObzP45GGH3OaRar72sFHcoF@mail.gmail.com |
Lists: | pgsql-hackers |

On Fri, Jun 11, 2010 at 14:07, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Peter Eisentraut (peter_e(at)gmx(dot)net) wrote:
>> The patch needs some portability work and possible refactoring because
>> of that, but before I embark on that, comments on the concept?
>
> I definitely like the idea but I dislike requiring the user to do
> something to implement it. Thinking about how packagers might want to
> use it, could we make it possible to build it defaulted to a specific
> value (eg: 'postgres' on Debian) and allow users a way to override
> and/or unset it?

Well, even if we don't put that in, the packager could export a global
PGREQUIREPEER environment variable.

> Having the option wouldn't do much unless users know of it and use it
> and it strikes that will very often not be the case.
>
> I'm impartial towards whatever PG wants to do with the default, just so
> long as packagers can override it and set it to something specific.
> Also, to that end, it's got to be name-based. Exim in Debian did
> something similar and actually tried to force a particular UID.. that
> was horrid. :) On Debian, at least, the user is almost always
> 'postgres', but the UID will vary depending on exactly when the packages
> were installed (before or after other system-user-creating packages).

Oh yes, absolutely name-based.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
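
The name-based check discussed in this thread, as an added example that is not part of the original message or of the proposed patch: a client reads the peer's credentials from a Unix-domain socket, resolves the UID to a user name, and compares names rather than UIDs. It assumes Linux (`SO_PEERCRED`); the function names and the socketpair standing in for a server are hypothetical.

```python
import pwd
import socket
import struct


def peer_uid(sock):
    """Effective UID of the process at the other end of a Unix-domain socket."""
    # Linux struct ucred is { pid_t pid; uid_t uid; gid_t gid; }.
    fmt = "iII"
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    _pid, uid, _gid = struct.unpack(fmt, raw)
    return uid


def check_peer(sock, required_name):
    """Return (ok, reason). An empty or None requirement disables the check."""
    if not required_name:
        return True, "no peer requirement set"
    uid = peer_uid(sock)
    try:
        actual = pwd.getpwuid(uid).pw_name  # compare names, never raw UIDs
    except KeyError:
        # Fail closed: a UID with no passwd entry cannot match any name.
        return False, f"peer UID {uid} has no user name"
    if actual != required_name:
        return False, f'peer runs as "{actual}", required "{required_name}"'
    return True, f'peer runs as "{actual}"'


def demo():
    """Constructed stand-in: one end of a socketpair plays the server."""
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        uid = peer_uid(client)
        try:
            own_name = pwd.getpwuid(uid).pw_name
        except KeyError:
            own_name = None
        return {
            "uid": uid,
            "own_name": own_name,
            "unset": check_peer(client, None),
            "match": check_peer(client, own_name) if own_name else None,
            "mismatch": check_peer(client, "constructed-other-user"),
        }
    finally:
        client.close()
        server.close()
```

Because the comparison is on the resolved name, the same required value works on hosts where the service account was assigned different UIDs at install time.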