From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
---|---|
To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Allow cluster owner to bypass authentication |
Date: | 2019-08-15 11:37:12 |
Message-ID: | 900e9708-3db1-1fd8-4877-ccd53ce3b87f@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
This is an implementation of the idea I mentioned in [0].
The naming and description perhaps isn't ideal yet but it works in
principle.
The idea is that if you connect over a Unix-domain socket and the local
(effective) user is the same as the server's (effective) user, then
access should be granted immediately without any checking of
pg_hba.conf. Because it's "your own" server and you can do anything you
want with it anyway.
I included an option to turn this off because (a) people are going to
complain, (b) you need this for the test suites to be able to test
pg_hba.conf, and (c) conceivably, someone might want to have all access
to go through pg_hba.conf for some auditing reasons (perhaps via PAM).
This addresses the shortcomings of using peer as the default mechanism
in initdb. In a subsequent step, my idea would be to make the default
initdb authentication setup to use md5 (or scram, tbd.) for both local
and host.
[0]:
https://www.postgresql.org/message-id/29164e47-8dfb-4737-2a61-e67a18f847f3%402ndquadrant.com
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Attachment | Content-Type | Size |
---|---|---|
v1-0001-Allow-cluster-owner-to-bypass-authentication.patch | text/plain | 7.0 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2019-08-15 12:25:07 | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |
Previous Message | Etsuro Fujita | 2019-08-15 11:31:24 | Useless bms_free() calls in build_child_join_rel() |