From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: initdb recommendations |
Date: | 2019-07-24 20:34:00 |
Message-ID: | 91d0dc38-643c-a880-4cab-b31f2f36d4e5@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs pgsql-hackers |
On 2019-07-24 22:18, Tom Lane wrote:
>> I think we could just define that if geteuid == getpeereid, then
>> authentication succeeds. Possibly make that a setting if someone wants
>> to turn it off.
>
> We would still need to make the proposed buildfarm changes, though,
> because Windows. (And HPUX, though if it were the only holdout
> maybe we could consider blowing it off.)
>
> I'm not that excited about weakening our authentication rules
> just to make things easier for the buildfarm.
Yes, this idea is separate from those buildfarm changes.
> It's possible that what you suggest is a good idea anyway to reduce
> the user impact of switching from trust to peer as default auth.
> However, I'm a little worried that we'll start getting a lot of "it
> works in psql but I can't connect via JDBC-or-whatever" complaints.
Well, the existence of "local" vs. "host" already has that effect anyway.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | PG Doc comments form | 2019-07-25 12:24:19 | Missing preposition 'of' |
Previous Message | Tom Lane | 2019-07-24 20:18:34 | Re: initdb recommendations |
From | Date | Subject | |
---|---|---|---|
Next Message | Dmitry Dolgov | 2019-07-24 20:49:32 | Re: Index Skip Scan |
Previous Message | Peter Eisentraut | 2019-07-24 20:32:05 | Re: pg_upgrade version checking questions |