| From: | "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Ident authentication failed |
| Date: | 2020-03-29 23:21:09 |
| Message-ID: | 20200329232109.GB11265@hjp.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 2020-03-26 21:33:51 +0100, Christoph Moench-Tegeder wrote:
> ## Ted To (ted(at)theo(dot)to):
> > Thank you -- I added two lines to the hba file to allow for ident
> > authentication, restarted postgres and still the same errors.
>
> You probably don't want "ident" authentication - that's the thing
> with "identd" (see RfC 1413),
Depends on the type of socket. For unix sockets it's the same as peer
authentication.
> which even 20 years ago was only used in connection with IRC, but not
> really for "authentication".
I don't think there are any linux distributions which install identd by
default any more, so it wouldn't work anyway.
> You'd rather want "scram-sha-256" as the authentication method (hoping
> that whatever-go-uses can do that - come on, we got that in version 10),
> or (if that's not possible) "md5".
Actually, for local connections I prefer "peer". I'm already
authenticated by the OS, no need for a (second) password.
I should add that you shouldn't use "trust" unless
* no connection from other hosts is allowed, and
* all users on this host should have full access anyway.
This is rarely the case.
hp
--
_ | Peter J. Holzer | Story must make more sense than reality.
|_|_) | |
| | | hjp(at)hjp(dot)at | -- Charles Stross, "Creative writing
__/ | http://www.hjp.at/ | challenge!"
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2020-03-29 23:22:59 | Re: Idle sessions keep deleted files open |
| Previous Message | Peter J. Holzer | 2020-03-29 22:49:13 | Idle sessions keep deleted files open |