| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, Garick Hamlin <ghamlin(at)isc(dot)upenn(dot)edu>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: [PATCHES] Solaris ident authentication using unix domain sockets |
| Date: | 2008-07-06 04:51:45 |
| Message-ID: | 23040.1215319905@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Robert Treat wrote:
>> Hmm... I've always been told that Solaris didn't support this because the
>> Solaris developers feel that IDENT is inherently insecure.
> We don't actually use the Ident protocol for Unix sockets on any
> platform.
Indeed. If the Solaris folk feel that getupeercred() is insecure,
they had better explain why their kernel is that broken. This is
entirely unrelated to the known shortcomings of the "ident" IP
protocol.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-07-06 05:19:19 | Re: time_stamp type |
| Previous Message | David E. Wheeler | 2008-07-06 00:47:11 | Re: PATCH: CITEXT 2.0 |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-07-06 05:53:20 | Re: pgbench minor fixes |
| Previous Message | Andrew Dunstan | 2008-07-05 23:13:32 | Re: [PATCHES] Solaris ident authentication using unix domain sockets |