| From: | Markus Bräunig <markus(at)braeunig(dot)biz> |
|---|---|
| To: | Craig Ringer <craig(at)2ndquadrant(dot)com> |
| Cc: | pgsql-pkg-yum <pgsql-pkg-yum(at)postgresql(dot)org> |
| Subject: | Re: Disable 'ident' as default auth method |
| Date: | 2019-10-09 04:57:21 |
| Message-ID: | D0CE882D-2881-4B91-805F-717D07684F6F@braeunig.biz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-pkg-yum |
Hi,
OK you are talking about host connections.
ident maps to peer for local connections, so for these I would suggest implementing local directly.
For host connections I like the idea of reject. If I remember correctly the listen_addresses must be configured anyway (for remote access).
Regards
Markus
Am 09.10.2019 um 06:40 schrieb Craig Ringer <craig(at)2ndquadrant(dot)com<mailto:craig(at)2ndquadrant(dot)com>>:
On Wed, 9 Oct 2019 at 12:36, Markus Bräunig <markus(at)braeunig(dot)biz<mailto:markus(at)braeunig(dot)biz>> wrote:
Hi,
we use peer authentication for local connections.
local all postgres peer
By doing so you can just use #>psql as postgres-User (or using sudo -u postgres -i psql).
Could be a valid default.
Yes. I'm aware of that and think it's the sensible default for 'local' connections.
I'm talking about 'host' connections for 127.0.0.1 and ::1 . The current default for that is nonsensical IMO.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christoph Berg | 2019-10-09 07:25:38 | Re: Disable 'ident' as default auth method |
| Previous Message | Craig Ringer | 2019-10-09 04:40:24 | Re: Disable 'ident' as default auth method |