| From: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
|---|---|
| To: | kpi6288(at)gmail(dot)com |
| Cc: | PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Disable TRUST authentication by using ClientAuthentication_hook |
| Date: | 2018-07-13 12:01:42 |
| Message-ID: | CAECtzeWexM91HD-g5D7GZJubboZ9Uzohu-SA7pGDDWTR0bOMGw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
2018-07-13 13:57 GMT+02:00 <kpi6288(at)gmail(dot)com>:
> I’d like to disable the TRUST authentication method for certain servers
> where modification of pg_hba.conf and restarting a service is fairly easy
> for a number of users.
>
>
>
> I looked at this example https://wiki.postgresql.org/images/e/e3/Hooks_in_
> postgresql.pdf It appears that creating a ClientAuthentication_hook and
> call ereport(ERROR) in case that Port->HbaLine contains TRUST would do the
> job. Is that right?
>
>
>
> I am aware that this would not make the server entirely secure but it
> would make it at least a bit more difficult to enter.
>
>
>
I'm not sure this is such a good idea. You may need the trust
authentication method, for example if you forgot the superuser password.
Otherwise, there's good chance you might use the ClientAuthentication hook
to do what you want.
--
Guillaume.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andreas Kretschmer | 2018-07-13 12:04:04 | Re: Database Refresh confusion |
| Previous Message | kpi6288 | 2018-07-13 11:57:35 | Disable TRUST authentication by using ClientAuthentication_hook |