BUG #1001: Inconsistent authentication between psql and PQconnectdb - possible security implications? - Mailing list pgsql-bugs

From PostgreSQL Bugs List
Subject BUG #1001: Inconsistent authentication between psql and PQconnectdb - possible security implications?
Msg-id 20031205164758.D8167CF4CFB@www.postgresql.com
Responses Re: BUG #1001: Inconsistent authentication between psql and  (Stephan Szabo <sszabo@megazone.bigpanda.com>)
Re: BUG #1001: Inconsistent authentication between psql and PQconnectdb - possible security implications?  (Bruno Wolff III <bruno@wolff.to>)
List pgsql-bugs
The following bug has been logged online:

Bug reference:      1001
Logged by:          Alan W. Irwin
Email address:      irwin@beluga.phys.uvic.ca
PostgreSQL version: 7.4
Operating system:   Debian stable (Linux)
Description:        Inconsistent authentication between psql and PQconnectdb - possible security implications?
Details:

I use "ident sameuser" authentication.  Here are the relevant details from pg_hba.conf.

local   all         all                                             ident sameuser
host    all         all         127.0.0.1         255.255.255.255   ident sameuser
host    all         all         0.0.0.0           0.0.0.0           reject

All is well with psql authentication.  However, when I tried to
use knoda/hk_classes to access the database, I could not get authenticated.  A typical error message was IDENT
authentication failed for user "irwin".  When I traced this down through the hk_classes code it was using PQconnectdb to
connect to the database, and there were complaints in the postgresql log that the identd server was not available.  All
knoda/hk_classes/PQconnectdb problems disappeared when I installed identd (apt-get install pidentd) on my Debian stable
system. So all seems well when identd is installed, but there may be a security concern with psql when it is not.  On
the other hand, if psql is actually secure when identd is not running, then why isn't PQconnectdb using the exact same
(secure) method of authentication for this case?

Note, this authentication inconsistency between psql and PQconnectdb in the absence of an identd server occurs both
for a postgresql-7.4 version that I built and installed myself and also for the Debian stable version (7.2.1-2woody4) of
postgresql.
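
Added example, not part of the original report: pg_hba.conf records are matched on connection type, so a Unix-domain socket connection and a TCP connection to 127.0.0.1 are checked against different records even when both records name the same method. The matcher below is a simplification that handles only the record forms quoted in the report ("all" or a literal name for database and user); the database name and the remote address are constructed sample values.

```python
import ipaddress

# The three pg_hba.conf records quoted in the report, in file order.
PG_HBA = """\
local   all         all                                             ident sameuser
host    all         all         127.0.0.1         255.255.255.255   ident sameuser
host    all         all         0.0.0.0           0.0.0.0           reject
"""

def parse_hba(text):
    """Parse 'local db user method...' and 'host db user addr mask method...' records."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            net, method = None, fields[3:]
        elif fields[0] == "host":
            # Address and mask are separate columns in this file format.
            net, method = ipaddress.ip_network(f"{fields[3]}/{fields[4]}"), fields[5:]
        else:
            raise ValueError(f"record type not handled here: {fields[0]}")
        records.append({"type": fields[0], "db": fields[1], "user": fields[2],
                        "net": net, "method": " ".join(method)})
    return records

def first_match(records, database, user, client_addr=None):
    """Return the first matching record; client_addr=None means a Unix-domain socket."""
    for rec in records:
        if rec["db"] not in ("all", database) or rec["user"] not in ("all", user):
            continue
        if rec["type"] == "local" and client_addr is None:
            return rec
        if (rec["type"] == "host" and client_addr is not None
                and ipaddress.ip_address(client_addr) in rec["net"]):
            return rec
    return None  # no record matches: the server refuses the connection

if __name__ == "__main__":
    recs = parse_hba(PG_HBA)
    # Constructed sample connections: (label, client address or None for socket).
    for label, addr in [("unix socket", None), ("tcp loopback", "127.0.0.1"),
                        ("tcp remote", "192.0.2.10")]:
        rec = first_match(recs, "template1", "irwin", addr)
        print(f"{label:13} -> {rec['type']:5} {str(rec['net'] or ''):14} {rec['method']}")
```

When auditing a file like this, review each record type separately: which record applies depends on how the client connects, not on which client program is used.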
