Re: restricting identd to just the loopback adapter.

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Jerry Asher <jerry(dot)nospam(at)theashergroup(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: restricting identd to just the loopback adapter.
Date: 2003-01-28 13:58:57
Message-ID: 20030128135857.GA13823@wolff.to
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Sun, Jan 26, 2003 at 21:48:33 -0800,
Jerry Asher <jerry(dot)nospam(at)theashergroup(dot)com> wrote:
> I have installed running pg 7.2, and it apparently would like to have
> an identd server to help it establish who is who.

First off, are the users logging into the same machine that the database
server is running on? If so, than you don't need to run an ident server,
you can use domain sockets for connections and the getpeeruid function
will be used to do ident authentication.

> I installed pidentd from the red hat 8.0 distribution and started it
> up but, but looking over the conf files, there is apparently no way to
> restrict identd to listening/binding only to the localhost adapter.

You can use iptables to do this. Block tcp traffic to the identd port
that isn't coming from loopback (though this implies that you have the
situation above and shouldn't be using identd) or if the postgres
server is on another machine, restrict traffic based on IP address.

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Javier Alperte 2003-01-28 16:09:27 Problem with BYTEA data types restoring dumped data from another postgres database
Previous Message Nick Fankhauser 2003-01-28 09:27:24 Re: New User - Please Help