| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Helge Bahmann <bahmann(at)math(dot)tu-freiberg(dot)de> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, pgman(at)candle(dot)pha(dot)pa(dot)us |
| Subject: | Re: [PATCHES] Allow IDENT authentication on local connections (Linux only) |
| Date: | 2001-08-02 13:17:33 |
| Message-ID: | 5011.996758253@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Helge Bahmann <bahmann(at)math(dot)tu-freiberg(dot)de> writes:
> Most certainly they do not, or at least it is called differently; I
> grepped includes of: FreeBSD 4.2, Solaris 8, Irix 6.5 and AIX (4.3?) and
> did not find SO_PEERCRED.
> On FreeBSD (and I guess Solaris as well) it is possible to pass
> credentials using ancillary messages (Linux works as well, so this
> approach would be significantly more portable). However this requires the
> cooperation of the client who has to actively *send* his credentials, so
> this would require changes to both the backend and libpq.
Ah, now I understand: those references I saw mention the existence of
the underlying SCM_CREDENTIALS (or whatever it's called) message type,
not the SO_PEERCRED getsockopt facility.
I agree that it's not worth pursuing at the moment. A localized change
in the backend is one thing, but an OS-specific addition to our client-
visible authentication protocol would be a lot bigger change, and a lot
more debatable. If we get a larger/more active Solaris user community,
maybe someone will be motivated to do it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gunnar Rønning | 2001-08-02 14:01:37 | Re: Re: What needs to be done? |
| Previous Message | Tom Lane | 2001-08-02 13:00:14 | Re: Re: [PATCHES] Allow IDENT authentication on local connections (Linux only) |