From: | "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net> |
---|---|
To: | John R Pierce <pierce(at)hogranch(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Using both ident and password in pg_hba.conf |
Date: | 2016-05-10 02:46:55 |
Message-ID: | 20160509224655.093ed542@imp |
Lists: | pgsql-general |
On Mon, 9 May 2016 14:56:14 -0700
John R Pierce <pierce(at)hogranch(dot)com> wrote:
> over a tcp socket, there's no way of knowing *WHAT* the system user
> is short of querying the unreliable service 'authd' (113/tcp) and
> hoping that it A) exists and B) returns something meaningful.
> authd/ident services can return virtually anything they want to.

I run both the client web server and the database server. Outside
machines require passwords.

> when pg_hba.conf is searched, all that's known is the socket type
> (host or local), the database name, the requested(!) username, and if
> it's 'host', the source IP address. this is used to select the
> desired authentication method for that combination.

Yes, it is missing that one piece I suggested - the ability to select
based on the authenticated name. That's what I am trying to work
around.

--
D'Arcy J.M. Cain <darcy(at)druid(dot)net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 788 2246 (DoD#0082) (eNTP) | what's for dinner.
IM: darcy(at)Vex(dot)Net, VoIP: sip:darcy(at)druid(dot)net
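
The lookup described in the quoted text above, as an added example that is not part of the original message or of PostgreSQL's code: a simplified first-match model of how a pg_hba.conf record is selected. The sample records, the documentation-range addresses, the database and user names, and the helper names `parse_hba` and `select_method` are constructed for illustration; only plain `local`/`host` records with `all` or literal names are modeled.

```python
import ipaddress

# Constructed sample records: ident for one trusted host, passwords for
# every other IPv4 client (addresses are documentation ranges).
SAMPLE_HBA = """
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    all       all   192.0.2.10/32    ident
host    all       all   0.0.0.0/0        md5
"""

def parse_hba(text):
    """Parse the simple record forms above into a list of dicts."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":          # local records carry no address
            conn, db, user, method = fields[:4]
            net = None
        else:
            conn, db, user, addr, method = fields[:5]
            net = ipaddress.ip_network(addr)
        rules.append({"type": conn, "db": db.split(","),
                      "user": user.split(","), "net": net, "method": method})
    return rules

def select_method(rules, conn_type, database, requested_user, source_ip=None):
    """Return the method of the first matching record, or None (rejected).

    The only inputs are the socket type, database, requested user name and
    source address; no authenticated identity exists yet at this point.
    """
    for r in rules:
        if r["type"] != conn_type:
            continue
        if "all" not in r["db"] and database not in r["db"]:
            continue
        if "all" not in r["user"] and requested_user not in r["user"]:
            continue
        if r["net"] is not None and ipaddress.ip_address(source_ip) not in r["net"]:
            continue
        return r["method"]                # first match wins; no fall-through
    return None

RULES = parse_hba(SAMPLE_HBA)
```

Because the first matching record decides the method and there is no fall-through, a client at the ident-mapped address is never offered password authentication by a later record.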