| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Postgres Pain Points: 1 pg_hba conf |
| Date: | 2016-08-11 21:19:05 |
| Message-ID: | 66353cd6-e5fd-7a0a-a79c-9e6c7c571f0a@hogranch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 8/11/2016 1:48 PM, Jeff Janes wrote:
>> #1) pg_hba conf
>> >Out of the box the md5 setting blocks access.
> That depends on which box you got it out of. If you compile the
> source yourself, its default settings are 'trust', not 'md5'.
>
> If you get it from a repository, it is up to the repository's policies
> and/or the packager's tastes to decide what defaults to use.
>
> In my hands, md5 blocks access exactly when it should, when the user
> fails to provide the valid password.
my defacto pg_hba.conf reads like this...
local all all peer
host all all 127.0.0.0/8 md5
host all all ::1 md5
# host all all xxx.yyy.zzz.0/24 md5 ## uncomment and adjust
hostmask to suit LAN client addresses
with this setup, if user X runs psql with no arguments, it authenticates
them as sql user X. if user X wants to connect to postgres as sql user
Y, then `psql -h localhost -U Y ...` (or equivalent in whatever API) and
use the sql Y role password to authenticate.
--
john r pierce, recycling bits in santa cruz
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2016-08-11 22:19:56 | Re: Any reasons for 'DO' statement not returning result? |
| Previous Message | Melvin Davidson | 2016-08-11 20:54:20 | Re: Postgres Pain Points 2 ruby / node language drivers |