From: | dipti shah <shahdipti1980(at)gmail(dot)com> |
---|---|
To: | John R Pierce <pierce(at)hogranch(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: The easiest and robust way of configuring password pass through mechanism.. |
Date: | 2010-02-15 07:26:14 |
Message-ID: | d5b05a951002142326h59dd5c56ka966ad3a0e880885@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Thanks John for reply. Users can connect to database server in either
way(from same computer or remote).
Currently by default all users are able to connect to database as pg_hba
file has been configured to TRUST for all users.
I am planning to remove these all users and want only specific groups and
users to connect to database server. I haven't configured the server so I
don't know from where to start.
Thanks,
Dipti
On Mon, Feb 15, 2010 at 12:21 AM, John R Pierce <pierce(at)hogranch(dot)com> wrote:
> dipti shah wrote:
>
>> Hi,
>>
>> I am aware of now almost all the authentication mechanisms that PostGreSQL
>> supports. My basic requirement is to don't ask for password (allowed users
>> in pg_hba file) when user connects to the server. What could be the easiest
>> and robust method to configure this? I am looking for passing through the
>> password so that users need not to enter it everytime they connects.
>>
>
>
> are your users on the same computer as the database server, and connecting
> via unix socket as their unix account only? if so,
>
> LOCAL ALL ALL IDENT SAMEUSER
>
> (leave out SAMEUSER on 8.4, its implied with IDENT). this relies on unix
> authentication, and unix user joe will only be able to connect as database
> user joe.
>
> or, if the users are connecting via tcp/ip from specific hosts, and you can
> trust all users on those hosts
>
> HOST ALL someusername some.ip.addr TRUST
>
> or... if your users are always connecting via libpq. you can use
> $HOME/.pgpasswd per
> http://www.postgresql.org/docs/current/static/libpq-pgpass.html to specify
> passwords, when you do this, the application programs won't need to supply
> them. I don't know if this works with clients like JDBC, however.
>
> finally, you can use ssl client certificates, this is the most complex to
> setup, see http://www.postgresql.org/docs/current/static/libpq-ssl.html
>
>
>
>
>
>
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>
From | Date | Subject | |
---|---|---|---|
Next Message | dipti shah | 2010-02-15 07:35:30 | Set the permissions while creating database, schema, and tables |
Previous Message | Janet S Jacobsen | 2010-02-15 06:03:12 | Re: unable to restore from a pgdump file |