From: | Nicolas Huillard <nhuillard(at)ghs(dot)fr> |
---|---|
To: | "'Mark Jewiss'" <Mark(dot)Jewiss(at)knowledge(dot)com>, "pgsql-general(at)postgreSQL(dot)org" <pgsql-general(at)postgreSQL(dot)org> |
Subject: | RE: [GENERAL] Another access control query |
Date: | 1999-10-14 16:08:11 |
Message-ID: | 01BF1670.32342690@toulouse |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
You can add a filename to the "password" keyword. Thsi filename contains the username/crypted password of the users you want to be able to connect from the servip to the dbX.
The lines in pg_hba looks like :
host bd1 serverip1 netmask password password.username1
host bd2 serverip2 netmask password password.username2
You can create the "password.*" files using the pg_passwd command.
This way, passwords are stored in files rather than in the pg_shadow table, and you cannot use the "crypt" authmode.
It seems that ODBC access from remote workstations can't use the crypt authmode, so it is not a real problem. Can someone tell me if it's true ?
Second problem : you must set the suer password in both the pg_shadow table (using psql), and the passwd.* files (using pg_passwd).
Yours,
Nicolas Huillard
-----Message d'origine-----
De: Mark Jewiss [SMTP:Mark(dot)Jewiss(at)knowledge(dot)com]
Date: jeudi 14 octobre 1999 16:50
À: pgsql-general(at)postgreSQL(dot)org
Objet: [GENERAL] Another access control query
Hello,
Similar to other questions I've seen posed in the last day or so,
apologies if this exact question has been asked, I don't think it has.
I want to restrict access to a set of databases to connections from a
specfic machine and a specific user.
Lines in my pg_hba.conf file are similar to this:
host db1 serverip netmask password
Effectively what I want to do is have something like:
host db1 username1 serverip netmask password
host db2 username2 serverip netmask password
thereby ensuring that it is not possible for user2 to connect to db1 from
the same machine.
I know I can set up the different db's so that table security only gives
any access to the user I want, but that is fiddly. Being able to do the
above and prevent connections to the database will resolve that issue.
Any ideas?
Regards,
Mark.
--
Mark Jewiss
Knowledge Matters Limited
http://www.knowledge.com
************
From | Date | Subject | |
---|---|---|---|
Next Message | Nicolas Huillard | 1999-10-14 16:12:10 | RE: [GENERAL] insert BLOB |
Previous Message | Nikolay Mijaylov | 1999-10-14 15:57:50 | Fw: [GENERAL] Fw: Indexes?!?!? AGAIN!!!! |