| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Emmanuel Dreyfus <manu(at)netbsd(dot)org>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: password method in pg_hba.conf fails |
| Date: | 2003-03-07 19:22:21 |
| Message-ID: | 200303071922.h27JMMa14283@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Tom Lane wrote:
> > I thought about implementing a PAM for this, since 7.3 supports
> > PAM. What do you think about it?
>
> The whole point of PAM is to allow installation-local authentication
> methods, so you could easily set up something that checks a password
> against /etc/passwd if you like. (There is surely such a PAM module
> out there already, I'd expect, so look before you write.)
>
> If your OS supports it, you might also want to consider using
> Unix-socket-IDENT authentication, and forget passwords altogether.
Right. If you are using unix socket, they have already logged in, and
'local ident' allow you to know for sure who is on the other end of the
socket.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2003-03-07 19:34:35 | Re: division by zero |
| Previous Message | Bruce Momjian | 2003-03-07 19:04:58 | Re: replicating DDL statements |