Re: Security choices... - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Security choices...
Date
Msg-id 200008050313.XAA09719@candle.pha.pa.us
Whole thread Raw
In response to Re: Security choices...  (Philip Warner <pjw@rhyme.com.au>)
Responses Peer credentials (was Security choices...)
List pgsql-hackers
> At 18:34 4/08/00 -0400, Bruce Momjian wrote:
> >[ Charset ISO-8859-1 unsupported, converting... ]
> >> Philip Warner writes:
> >> 
> >> > Is there any reason that a security model does not exist for psql that
> >> > allows Unix user 'fred' to log in as PG user 'fred' with no password etc,
> >> > but any user trying to log on as someone other than themselves has to
> >> > provide a password?
> >> 
> >> Short of someone sitting down and making it happen I don't see any. You'd
> >> only need to implement some sort of fall-through in `pg_hba.conf', which
> >> in my estimate can't be exceedingly hard.
> >
> >How do you know Fred is Fred without a password?
> >
> 
> The idea was to apply only on the matchine on which the postmaster runs;
> then ideally you get the username of the client process. It's kind of like
> IDENT, except it works only for local connections, and asks for passwords
> for non-local connections.

I am not aware of any way to determine the PID at the other end of a
unix domain socket.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026
 


pgsql-hackers by date:

Previous
From: Thomas Lockhart
Date:
Subject: Re: Differences between int8 and int4 as pkeys and fkeys
Next
From: Alex Pilosov
Date:
Subject: Peer credentials (was Security choices...)