Re: Security choices...

this kinda has a hole in it also.. our database server only has about 5
uesrs on it , all are employee acounts, not clients.

jeff

On Sat, 5 Aug 2000, Philip Warner wrote:

> At 18:34 4/08/00 -0400, Bruce Momjian wrote:
> >[ Charset ISO-8859-1 unsupported, converting... ]
> >> Philip Warner writes:
> >>
> >> > Is there any reason that a security model does not exist for psql that
> >> > allows Unix user 'fred' to log in as PG user 'fred' with no password etc,
> >> > but any user trying to log on as someone other than themselves has to
> >> > provide a password?
> >>
> >> Short of someone sitting down and making it happen I don't see any. You'd
> >> only need to implement some sort of fall-through in `pg_hba.conf', which
> >> in my estimate can't be exceedingly hard.
> >
> >How do you know Fred is Fred without a password?
> >
>
> The idea was to apply only on the matchine on which the postmaster runs;
> then ideally you get the username of the client process. It's kind of like
> IDENT, except it works only for local connections, and asks for passwords
> for non-local connections.
>
>
> ----------------------------------------------------------------
> Philip Warner | __---_____
> Albatross Consulting Pty. Ltd. |----/ - \
> (A.C.N. 008 659 498) | /(@) ______---_
> Tel: (+61) 0500 83 82 81 | _________ \
> Fax: (+61) 0500 83 82 82 | ___________ |
> Http://www.rhyme.com.au | / \|
> | --________--
> PGP key available upon request, | /
> and from pgp5.ai.mit.edu:11371 |/
>

Jeff MacDonald,

-----------------------------------------------------
PostgreSQL Inc | Hub.Org Networking Services
jeff(at)pgsql(dot)com | jeff(at)hub(dot)org
www.pgsql.com | www.hub.org
1-902-542-0713 | 1-902-542-3657
-----------------------------------------------------
Fascimile : 1 902 542 5386
IRC Nick : bignose