| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Indent authentication overloading |
| Date: | 2010-11-18 18:21:50 |
| Message-ID: | 4411.1290104510@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Josh Berkus <josh(at)agliodbs(dot)com> writes:
>> We use it. Do you have an alternative that doesn't lower security
>> besides Kerberos? Anti-ident arguments are straw man arguments - "If
>> you setup identd badly or don't trust remote root or your network,
>> ident sucks as an authentication mechanism".
> Actually, you're trusting that nobody can add their own machine as a
> node on your network. All someone has to do is plug their linux laptop
> into a network cable in your office and they have free access to the
> database.
You're assuming the OP is using ident for wild-card IP ranges rather
than specific IP addresses. I agree that ident is *hard* to set up
securely, but that doesn't mean it's entirely insecure.
> I don't think anyone is talking about eliminating it, just
> distinguishing ident-over-TCP from unix-socket-same-user, which are
> really two different authentication mechanisms.
> HOWEVER, I can't see any way of doing this which wouldn't cause a
> significant amount of backwards-compatibility confusion.
I thought the proposal on the table was to add "peer" (or some other
name) to refer to the unix-socket auth method, and use that term
preferentially in the docs, while continuing to accept "ident" as an
old name for it. Is that really too confusing?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2010-11-18 18:26:26 | Re: Indent authentication overloading |
| Previous Message | Robert Haas | 2010-11-18 18:17:26 | Re: final patch - plpgsql: for-in-array |