RE: [GENERAL] Another access control query

You can add a filename to the "password" keyword. Thsi filename contains the username/crypted password of the users you want to be able to connect from the servip to the dbX.
The lines in pg_hba looks like :
host bd1 serverip1 netmask password password.username1
host bd2 serverip2 netmask password password.username2

You can create the "password.*" files using the pg_passwd command.
This way, passwords are stored in files rather than in the pg_shadow table, and you cannot use the "crypt" authmode.
It seems that ODBC access from remote workstations can't use the crypt authmode, so it is not a real problem. Can someone tell me if it's true ?
Second problem : you must set the suer password in both the pg_shadow table (using psql), and the passwd.* files (using pg_passwd).

Yours,

Nicolas Huillard

-----Message d'origine-----
De: Mark Jewiss [SMTP:Mark(dot)Jewiss(at)knowledge(dot)com]
Date: jeudi 14 octobre 1999 16:50
À: pgsql-general(at)postgreSQL(dot)org
Objet: [GENERAL] Another access control query

Hello,

Similar to other questions I've seen posed in the last day or so,
apologies if this exact question has been asked, I don't think it has.

I want to restrict access to a set of databases to connections from a
specfic machine and a specific user.

Lines in my pg_hba.conf file are similar to this:

host db1 serverip netmask password

Effectively what I want to do is have something like:

host db1 username1 serverip netmask password
host db2 username2 serverip netmask password

thereby ensuring that it is not possible for user2 to connect to db1 from
the same machine.

I know I can set up the different db's so that table security only gives
any access to the user I want, but that is fiddly. Being able to do the
above and prevent connections to the database will resolve that issue.

Any ideas?

Regards,

Mark.
--
Mark Jewiss
Knowledge Matters Limited
http://www.knowledge.com

************