Hi.
I have a question about setting up permissions on a PostgreSQL server:
I can't figure out how to get pg_hba.conf set up to do what I want,
and perhaps someone can help me with this.
The problem is the following: I have a small number of users on my
system with a specific PostgreSQL account. The latter is always named
in the same way as the user, and the pg_hba.conf file states
host all 127.0.0.1 255.255.255.255 ident sameuser
Now I would like to make the databases readable by anyone. To this
effect, I have created an extra PostgreSQL account, "guest". And I
would like anyone to be able to access this "guest" account (without,
of course, having to enter a password or anything like that). How can
I achieve this? The only solution I can see is to use some specific
identd mapping, and replace the line above by
host all 127.0.0.1 255.255.255.255 ident sameorguest
and write a (very long) pg_ident.conf that maps every username on the
system to "guest" plus every specific account to itself. But this is
quickly unmanageable as new accounts are being added to the system all
the time.
Surely there must be some better way to achieve such a simple task?
Another (rather distantly related) question: is there some way to
perform uid-based authentication on a UNIX-domain socket? It seems
absurd to use a TCP socket on localhost and identd for this effect: it
is slower, and identd is sometimes unreliable, whereas credentials can
be sent on a Unix-domain socket through sendmsg() and related
functions.
Thanks for any help.
PS: Please send copy of replies to me personally as I do not receive
mail from the list. Thanks again.
--
David A. Madore
(david.madore@ens.fr,
http://www.eleves.ens.fr:8080/home/madore/ )
