Re: local security

Hi,

Thanks for all of the responses. Setting the pghost variable works, but I
now realize that the situation is a bit more complex. If you do that, you
can no longer do things like restores from backups without editing the
configuration file because postgresql wont let you change users. This is of
course not a great problem, but it is a bit annoying. What I really want is
that normal users can only logon as themselves, but superusers can logon as
anyone. Even better would be that postgres uses the standard unix security
and that on connecting it asks for the appropriate unix password unless you
are a superuser in which case it just connects. How hard would this be to
implement and is it worth doing? I could try to implement it if there was a
need.

Thanks,
David

Tom Lane wrote:

> "David M. Kaplan" <dkaplan(at)genes(dot)bio(dot)puc(dot)cl> writes:
> > I have a very simple security setup wish. I only want to allow local
> > connections where each user can only log into postgres as himself, but
> > there isnt a "ident sameuser" option for local connections. Is there
> > any way around this? Can anyone explain to me why such an option doesnt
> > exist for local connections?
>
> Because IDENT is a TCP protocol and only applies to connections made via
> TCP. (Some platforms have ways to get similar info for Unix
> connections, but AFAIK they're not standardized.)
>
> If you set environment variable PGHOST to "localhost" then things will
> work fairly transparently over TCP ...
>
> regards, tom lane