From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Josh Berkus <josh(at)agliodbs(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Indent authentication overloading |
Date: | 2010-11-18 18:21:50 |
Message-ID: | 4411.1290104510@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Josh Berkus <josh(at)agliodbs(dot)com> writes:
>> We use it. Do you have an alternative that doesn't lower security
>> besides Kerberos? Anti-ident arguments are straw man arguments - "If
>> you setup identd badly or don't trust remote root or your network,
>> ident sucks as an authentication mechanism".
> Actually, you're trusting that nobody can add their own machine as a
> node on your network. All someone has to do is plug their linux laptop
> into a network cable in your office and they have free access to the
> database.
You're assuming the OP is using ident for wild-card IP ranges rather
than specific IP addresses. I agree that ident is *hard* to set up
securely, but that doesn't mean it's entirely insecure.
> I don't think anyone is talking about eliminating it, just
> distinguishing ident-over-TCP from unix-socket-same-user, which are
> really two different authentication mechanisms.
> HOWEVER, I can't see any way of doing this which wouldn't cause a
> significant amount of backwards-compatibility confusion.
I thought the proposal on the table was to add "peer" (or some other
name) to refer to the unix-socket auth method, and use that term
preferentially in the docs, while continuing to accept "ident" as an
old name for it. Is that really too confusing?
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2010-11-18 18:26:26 | Re: Indent authentication overloading |
Previous Message | Robert Haas | 2010-11-18 18:17:26 | Re: final patch - plpgsql: for-in-array |