| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Philip Warner <pjw(at)rhyme(dot)com(dot)au> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Security choices... |
| Date: | 2000-08-05 03:13:23 |
| Message-ID: | 200008050313.XAA09719@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> At 18:34 4/08/00 -0400, Bruce Momjian wrote:
> >[ Charset ISO-8859-1 unsupported, converting... ]
> >> Philip Warner writes:
> >>
> >> > Is there any reason that a security model does not exist for psql that
> >> > allows Unix user 'fred' to log in as PG user 'fred' with no password etc,
> >> > but any user trying to log on as someone other than themselves has to
> >> > provide a password?
> >>
> >> Short of someone sitting down and making it happen I don't see any. You'd
> >> only need to implement some sort of fall-through in `pg_hba.conf', which
> >> in my estimate can't be exceedingly hard.
> >
> >How do you know Fred is Fred without a password?
> >
>
> The idea was to apply only on the matchine on which the postmaster runs;
> then ideally you get the username of the client process. It's kind of like
> IDENT, except it works only for local connections, and asks for passwords
> for non-local connections.
I am not aware of any way to determine the PID at the other end of a
unix domain socket.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alex Pilosov | 2000-08-05 03:50:20 | Peer credentials (was Security choices...) |
| Previous Message | Thomas Lockhart | 2000-08-05 02:28:32 | Re: Differences between int8 and int4 as pkeys and fkeys |