Re: Allow IDENT authentication on local connections (Linux only)

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Helge Bahmann <bahmann(at)math(dot)tu-freiberg(dot)de>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: Allow IDENT authentication on local connections (Linux only)
Date: 2001-07-31 14:19:04
Message-ID: 200107311419.f6VEJ4v13688@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches

> On Tue, 31 Jul 2001, Bruce Momjian wrote:
> > I don't see any configure.in code here to test for the CRED capability.
> No, as I wrote in my mail; wanted to get some comment first, if this
> is useful at all. I'm no autoconf guru, so there may be a better
> way (help wanted!), but here it goes as a quick hack:
>
> AC_EGREP_CPP(yes,
> #include <sys/socket.h>
> #ifdef SO_PEERCRED
> yes
> #endif
> ],
> AC_DEFINE(HAVE_SO_PEERCRED),
> [])
>
> and a corresponding entry to config.h.in:
>
> /* Define if you have SO_PEERCRED */
> #undef HAVE_SO_PEERCRED

OK, no problem. It is easy to add.

> I'll make a new patch if you prefer.
>
> > How does this affect pg_hba.conf? Did you specify "trust" on that line?
> simply specify "ident", like the following:
>
> local all ident sameuser
>
> > Do we test when they have specified trust, and if not, what word do we
> > use?
> No, this would change semantics of an existing keyword. I think it is
> quite logical to use "ident" as a keyword for both local and remote
> connections.

This makes sense. We can't currently do local/indent and it makes sense
to use that here. I figure we could add this and add other OS's as we
need them. Does it report an pg_hba.conf error if your OS doesn't
support this?

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

In response to

Browse pgsql-patches by date

  From Date Subject
Next Message Tom Lane 2001-07-31 14:50:35 Re: Allow IDENT authentication on local connections (Linux only)
Previous Message Helge Bahmann 2001-07-31 14:02:50 Re: Allow IDENT authentication on local connections (Linux only)