Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)

From: Michael Graff <explorer(at)flame(dot)org>
To: Goran Thyni <goran(at)bildbasen(dot)se>
Cc: brett(at)work(dot)chicken(dot)org, ocie(at)paracel(dot)com, maillist(at)candle(dot)pha(dot)pa(dot)us, scrappy(at)hub(dot)org, jwieck(at)debis(dot)com, Andreas(dot)Zeugswetter(at)telecom(dot)at, pgsql-hackers(at)hub(dot)org
Subject: Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Date: 1998-03-05 01:05:36
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Goran Thyni <goran(at)bildbasen(dot)se> writes:

> IMHO, even Kerberous should be removed.

No, it should be fixed, not removed.  I would very much like to use krb5

My main problem with the whole authentication system is that there can only
be one global method.  That is, everything is password based, on one
password per user.

I would think a good method would have the (username, auth-data) stored
together, but you could have multiple (username, auth-data) tuples.  For
instance, I might have a Kerberos5 authentication:

	usename		authtype	authdata
	---------------	---------------	------------------------------
	explorer	krb5		explorer(at)FLAME(dot)ORG
	explorer	md5		4f1929cbca91deadbeef0123...
	explorer	cryptpw		UNIX-standard crypted string
	explorer	plainpw		password

Then I can control how someone connects down to a method.  I could
allow different methods for different trust levels.  I might trust my
local, server machine with just a password, but deny access to the rest
of the net unless they use Kerberos5.


In response to

pgsql-hackers by date

Next:From: Bruce MomjianDate: 1998-03-05 01:24:36
Subject: Re: [QUESTIONS] Problems with running v6.3 on DIGITAL UNIX
Previous:From: Michael GraffDate: 1998-03-05 00:58:55
Subject: Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group