Re: Allow cluster owner to bypass authentication

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Allow cluster owner to bypass authentication
Date: 2019-12-18 14:09:25
Message-ID: CA+TgmobdH+Ptp=KtvZyv2x9+ChOgEZLoyr3uM-OzKkGxbMmyyw@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Dec 17, 2019 at 5:27 AM Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> I realize that there are a number of facilities nowadays to do enhanced
> security setups. But let's consider what 99% of users are using. If
> the database server runs as user X and you are logged in as user X, you
> should be able to manage the database server that is running as user X
> without further restrictions. Anything else would call into question
> the entire security model that postgres is built around. But also,
> there is an option to turn this off in my patch, if you really have the
> need.

I feel like this is taking a policy decision that properly belongs in
pg_hba.conf and making it into a GUC. If you're introducing a GUC
because it's not possible to configure the behavior that you want in
pg_hba.conf, then I think the solution to that is to enhance
pg_hba.conf so that it can support the behavior you want to configure.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2019-12-18 14:14:25 Re: jacana seems to be failing in recoverycheck from last few runs
Previous Message Tom Lane 2019-12-18 14:06:04 Re: Read Uncommitted