Re: How to deny user changing his own password?

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: nolan(at)celery(dot)tssi(dot)com
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql general list <pgsql-general(at)postgresql(dot)org>
Subject: Re: How to deny user changing his own password?
Date: 2003-05-30 00:17:29
Message-ID: 20030530001729.GA4261@wolff.to
Lists: pgsql-general

On Thu, May 29, 2003 at 17:09:18 -0500,
nolan(at)celery(dot)tssi(dot)com wrote:
>
> I'm not sure 'ident' solves the problem any better than an embedded password
> does, and the documentation on ident raises this red flag:

If you want to run applications that connect to your DB from untrusted
hosts there probably isn't any good solution. If you are connecting from
untrusted networks, then you may want to set up an authenticated tunnel
which you can then use for connecting to the DB.
However, neither of these is the normal case.

Ident authentication is better than password authentication because it is
bound to the machine. Someone can't change it out from under or take it with
them to use from another machine.

>
> This authentication method is therefore only appropriate for
> closed networks where each client machine is under tight control
> and where the database and system administrators operate in close
> contact. In other words, you must trust the machine running the
> ident server. Heed the warning:
>
> The Identification Protocol is not intended as an authorization
> or access control protocol. --RFC 1413

Note that for applications running on the DB server you don't have to use
an RFC 1413 server. On common server operating systems you can find out
the user id of the process connecting to you via domain sockets. This is
as good as whatever the user used to authenticate to the OS.
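The last paragraph is the key point: on a local Unix domain socket the kernel itself reports the uid of the connecting process, so no identd and no secret held by the user are involved. The following is an added example, not part of the original thread or of PostgreSQL's code, showing that lookup directly. It assumes Linux (it reads SO_PEERCRED; the name `read_peer_credentials`, the constructed `allowed_users` set and the temporary socket path are all this example's own), and it then maps the uid to an account name the way a local ident/peer check would before deciding whether to admit the connection.

```python
import os
import pwd
import socket
import struct
import tempfile
import threading
from dataclasses import dataclass


@dataclass(frozen=True)
class PeerCredentials:
    """What the kernel says about the process on the other end of the socket."""
    pid: int
    uid: int
    gid: int


def read_peer_credentials(conn: socket.socket) -> PeerCredentials:
    """Ask the kernel for the peer's pid/uid/gid on an AF_UNIX stream socket.

    Assumption: Linux. struct ucred is {pid_t pid; uid_t uid; gid_t gid;},
    i.e. one signed and two unsigned native ints.
    """
    if not hasattr(socket, "SO_PEERCRED"):
        raise OSError("SO_PEERCRED is not available; this example assumes Linux")
    layout = "iII"
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(layout))
    pid, uid, gid = struct.unpack(layout, raw)
    return PeerCredentials(pid, uid, gid)


def resolve_user_name(creds: PeerCredentials):
    """Map the kernel-reported uid to an OS account name; None if no such account."""
    try:
        return pwd.getpwuid(creds.uid).pw_name
    except KeyError:
        return None


def current_user_name() -> str:
    """Account name of this process, used as the expected answer in checks."""
    return pwd.getpwuid(os.getuid()).pw_name


def _accept_and_inspect(server: socket.socket, out: dict) -> None:
    """Server side: accept one connection and record the peer credentials."""
    conn, _ = server.accept()
    with conn:
        out["creds"] = read_peer_credentials(conn)


def observe_self_over_socket() -> PeerCredentials:
    """Listen on a temporary socket, connect to it from this process, return what the listener saw."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.sock")  # constructed path, removed with the directory
        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(path)
        server.listen(1)
        seen: dict = {}
        worker = threading.Thread(target=_accept_and_inspect, args=(server, seen))
        worker.start()
        client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        client.connect(path)
        worker.join()
        client.close()
        server.close()
    return seen["creds"]


def peer_credentials_match_caller() -> bool:
    """True when the kernel-reported identity equals the connecting process's own identity."""
    creds = observe_self_over_socket()
    return creds.pid == os.getpid() and creds.uid == os.getuid() and creds.gid == os.getgid()


def demo_local_ident(allowed_users):
    """Local ident-style decision: (resolved account name, admitted?) for one connection.

    The peer proves nothing itself; the kernel vouches for its uid, and the
    admission rule is purely an allow-list on the resulting account name.
    """
    name = resolve_user_name(observe_self_over_socket())
    return name, (name is not None and name in allowed_users)


if __name__ == "__main__":
    me = current_user_name()
    print("kernel agrees with caller:", peer_credentials_match_caller())
    print("allow-list containing me:", demo_local_ident({me}))
    print("allow-list without me:   ", demo_local_ident({"other_account_constructed"}))
```

The decision in `demo_local_ident` never looks at anything the client sent, which is what makes this stronger than a password the client could copy elsewhere: the uid comes from the kernel on the server host, so it cannot be presented from another machine. That property holds only for the local socket; the TCP ident path the quoted documentation warns about trusts a remote identd instead.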
