| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Volker Aßmann <volker(dot)assmann(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Disabling trust/ident authentication configure option |
| Date: | 2015-05-20 21:54:44 |
| Message-ID: | 20150520215444.GR27868@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2015-05-20 15:42:23 -0400, Stephen Frost wrote:
> > So the first thing to establish is "other than Volker himself, who are
> > we helping here?"
>
> I don't agree with this either. Providing a "bypass all authentication"
> configuration option really isn't a good thing. Why don't packagers use
> our default pg_hba.conf? Because it only makes sense in a development
> type of environment. I'd argue the same is true for 'trust'.
Uh. So if the shit hit the fan because you mismanaged a password
rollover, kereberos is down, or something like that, and you can't
access postgres anymore you want to recompile? And no peer isn't an
answer isn't an answer, it's not available on windows. Your only way out
is going to be single user mode. But wait, that's a security hole too.
I find the arguments presented in this thread for a configure option
entirely unconvincing. If you'd argued for a saner default
authentication setup: I'd be on board with that. But this seems just a
pointless exercise in making things more complicated.
Greetings,
Andres Freund
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2015-05-20 21:58:16 | Re: [COMMITTERS] pgsql: Add support for INSERT ... ON CONFLICT DO NOTHING/UPDATE. |
| Previous Message | Tom Lane | 2015-05-20 21:47:56 | Re: ERROR: cannot GetMultiXactIdMembers() during recovery |