Skip site navigation (1) Skip section navigation (2)

Re: Help with access control settings in pg_hba.conf --

From: Victor Danilchenko <danilche(at)cs(dot)umass(dot)edu>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Help with access control settings in pg_hba.conf --
Date: 2005-01-28 20:38:38
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-admin
On Thu, 27 Jan 2005, Bruno Wolff III wrote:

>On Thu, Jan 27, 2005 at 12:22:06 -0500,
>  Victor Danilchenko <danilche(at)cs(dot)umass(dot)edu> wrote:
>> 	the solution was in disabling the 'result:encrypt' option
>> (setting it to 'no') in the /etc/identd.conf file. Once I did that,
>> IDENT started returning plaintext names instead of encrypted strings,
>> and clearly PostgreSQL ident client doesn't know how to handle encrypted
>> IDENT responses. Something to fix in the future release perhaps? or
>> maybe it's fixed already...
>When you encrypt names for ident, the other host isn't supposed to be
>able to figure out who is making the request. If the remote site has
>a problem they can give the string back to the connecting site's admins
>and then they can figure out who is causing problems.
>If you are actually using ident for authentication, you don't want to use
>the encrypted mode unless you are willing to modify applications so that
>they can decrypt the ident strings.

	Aha. Gotcha. Thanks.

|  Victor  Danilchenko  | When in danger or in doubt,        |
| danilche(at)cs(dot)umass(dot)edu | run in circles, scream, and shout. |
|   CSCF   |   5-4231   |                    Robert Heinlein |

In response to

pgsql-admin by date

Next:From: Roderick A. AndersonDate: 2005-01-28 22:48:19
Subject: SET command
Previous:From: Christopher BrowneDate: 2005-01-28 17:05:11
Subject: Re: Database Scalability

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group