Re: Authorization problem

From: "Pedro Fonseca" <pedro(dot)fonseca(at)netcabo(dot)pt>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Authorization problem
Date: 2001-10-03 15:48:06
Message-ID: 9pfbvv$15vu$1@news.tht.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Hi Manuel!

Yo no hablo el espaol mui bien... :)

Your suggestion is just fine, but that way the authentication will be
password based! And I don't want that... The same for Felipe's suggestion!

In short: I'd like this database accessible only by *one* PostgreSQL user
(instead of all), I don't want this user to have to authenticate through a
password and I don't want to use TCP/IP. I think that the AUTHTYPE ident (in
pg_hba.conf) is just fine for this case, together with a corresponding map,
but that can only be used for TCP/IP connections...

Any more suggestions? I mean, this is possible, right?
--
______________________________________________________________________
Pedro Fonseca (pedro(dot)fonseca(at)iscte(dot)pt)
Mob.: (+351)964598357
http://www.pedrofonseca.com
ADETTI/ISCTE (Instituto Superior de Cincias do Trabalho e da Empresa)

"Manuel Trujillo" <manueltrujillo(at)dorna(dot)es> wrote in message
news:20011003161206(dot)A560(at)klingon(dot)dorna(dot)es(dot)(dot)(dot)
> On Wed, Oct 03, 2001 at 02:17:15PM +0100, Pedro Fonseca wrote:
>
> > I have 2 PostgreSQL users created. I'd like access to a database
restricted
> > only to one of these users. As it is, in pg_hba.conf, any PostgreSQL
user
> > can connect locally to any database whatsoever:
> >
> > # TYPE DATABASE IP_ADDRESS MASK AUTHTYPE MAP
> > local all trust
> > host all 127.0.0.1 255.255.255.255 trust
> >
> > I have TCP/IP based connections disabled. What I would like would be
> > something like:
> >
> > # TYPE DATABASE IP_ADDRESS MASK AUTHTYPE MAP
> > local test_db ident
test_db_map
> >
> > The problem is that the ident AUTHTYPE can only be used for TCP/IP
> > connections. How do I tell PostgreSQL that I only want to allow
> > postgres_user_1 to connect to test_db, and not every user? And how do I
do
> > this without using passwords and TCP/IP connections?
>
>
> I think the solution is:
> 1- create a passwd file for this database (test_db_passwd, for example),
with pg_passwd test_db_passwd, and put here with pg_passwd the user's
needed.
> 2- put this in your pg_hba.conf:
> # TYPE DATABASE IP_ADDRESS MASK AUTHTYPE
MAP
> local test_db password test_db_passwd
test_db_map
>
> I'm very "newbie" in postgresql, but I think this can solve your problem.
>
> Sorry for my bad english, if you speak spanish, you can write to me
directly.

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Laurette Cisneros 2001-10-03 17:32:42 buffer overflow
Previous Message Tom Lane 2001-10-03 14:23:54 Re: Race condition in 7.1.2?