| From: | Victor Danilchenko <danilche(at)cs(dot)umass(dot)edu> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Help with access control settings in pg_hba.conf -- |
| Date: | 2005-01-28 20:38:38 |
| Message-ID: | Pine.OSX.4.50.0501281538170.19393-100000@phobos.cs.umass.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Thu, 27 Jan 2005, Bruno Wolff III wrote:
>On Thu, Jan 27, 2005 at 12:22:06 -0500,
> Victor Danilchenko <danilche(at)cs(dot)umass(dot)edu> wrote:
>>
>> the solution was in disabling the 'result:encrypt' option
>> (setting it to 'no') in the /etc/identd.conf file. Once I did that,
>> IDENT started returning plaintext names instead of encrypted strings,
>> and clearly PostgreSQL ident client doesn't know how to handle encrypted
>> IDENT responses. Something to fix in the future release perhaps? or
>> maybe it's fixed already...
>
>When you encrypt names for ident, the other host isn't supposed to be
>able to figure out who is making the request. If the remote site has
>a problem they can give the string back to the connecting site's admins
>and then they can figure out who is causing problems.
>
>If you are actually using ident for authentication, you don't want to use
>the encrypted mode unless you are willing to modify applications so that
>they can decrypt the ident strings.
Aha. Gotcha. Thanks.
--
| Victor Danilchenko | When in danger or in doubt, |
| danilche(at)cs(dot)umass(dot)edu | run in circles, scream, and shout. |
| CSCF | 5-4231 | Robert Heinlein |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Roderick A. Anderson | 2005-01-28 22:48:19 | SET command |
| Previous Message | Christopher Browne | 2005-01-28 17:05:11 | Re: Database Scalability |