From: | "Serge Fonville" <serge(dot)fonville(at)gmail(dot)com> |
---|---|
To: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Specific user does not require password for postgres |
Date: | 2008-11-03 16:21:21 |
Message-ID: | 680cbe0e0811030821v24ca618cta5404f9c8b9f7025@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hi,
I have installed PostgreSQL 8.3.4 on Windows Vista Business Edition.
My currently logged on user is the only user that does not need to specify a
password when running psql -U postgres
I used the following guide:
PostgreSQL on Windows with SSL
----------------------------------
--All variables are in CAPITALS--
Create POSTGRES_SERVICE_USER
Remove POSTGRES_SERVICE_USER from Users
Assign POSTGRES_SERVICE_USER_PASSWORD to POSTGRES_SERVICE_USER
Grant POSTGRES_SERVICE_USER Run As Service (secpol.msc)
Create PGDIR (e.g. C:\Program Files\PostgreSQL)
Create PGDATA (e.g. C:\ProgramData\PostgreSQL\Data)
Define PGDATA
Define PGBIN (i.e. PGDIR\bin)
Add PGBIN to the Path
Give POSTGRES_SERVICE_USER change rights on both PGDATA as well as PGDIR
Extract PostgreSQL Windows archive to PGDIR
As an admin register PostgreSQL service
pg_ctl.exe register -U POSTGRES_SERVICE_USER -P
POSTGRES_SERVICE_USER_PASSWORD -m smart
Start a shell as POSTGRES_SERVICE_USER
runas /user:POSTGRES_SERVICE_USER cmd.exe
Run initdb <-- PGDATA must exist and be writable
initdb.exe -A md5 -U POSTGRES_SUPER_USER -W
Create certificate
openssl req -new -text -out server.req -newkey rsa:8192
openssl rsa -in privkey.pem -out server.key
openssl req -x509 -in server.req -text -key server.key -out server.crt
Edit postgresql.conf
listen_addresses = 'localhost'
ssl = on
log_destination = 'stderr'
logging_collector = on
log_directory = 'pg_log'
log_filename = 'postgresql-%Y-%m-%d.log'
log_rotation_size = 5MB
client_min_messages = log
log_min_messages = info
log_min_error_statement = info
log_timezone = Europe/Amsterdam
Edit pg_hba.conf
hostssl all postgres ::1/128 md5
hostssl all postgres 127.0.0.1/32 md5
It seems odd to me that the user that is logged in (and created the services
and directories) does not need to specify a password
I checked ownership on all directories (they are owned by local
administrators) and the specific user is nowhere specified in the security
permissions
Other users (also members of administrators) do need to specify a password.
Even though this is only a local development installation, I would really
like to understand why this happens
Thanks in advance,
Serge Fonville
From | Date | Subject | |
---|---|---|---|
Next Message | Raymond O'Donnell | 2008-11-03 17:06:57 | Re: Specific user does not require password for postgres |
Previous Message | Tom Lane | 2008-11-03 16:04:45 | Re: gin index creation performance problems |