Tom,
> Indeed. If the Solaris folk feel that getupeercred() is insecure,
> they had better explain why their kernel is that broken. This is
> entirely unrelated to the known shortcomings of the "ident" IP
> protocol.
The Solaris security & kernel folks do, actually. However, there's no
question that TRUST is inherently insecure, and that's what people are going
to use if they can't get IDENT to work.
--
Josh Berkus
PostgreSQL @ Sun
San Francisco