On Mon, 9 May 2016 14:56:14 -0700
John R Pierce <pierce@hogranch.com> wrote:
> over a tcp socket, there's no way of knowing *WHAT* the system user
> is short of querying the unreliable service 'authd' (113/tcp) and
> hoping that it A) exists and B) returns something meaningful.
> authd/ident services can return virtually anything they want to.
I run both the client web server and the database server. Outside
machines require passwords.
> when pg_hba.conf is searched, all thats known is the socket type
> (host or local), the database name, the requested(!) username, and if
> its 'host', the source IP address. this is used to select the
> desired authentication method for that combination.
Yes, it is missing that one piece I suggested - the ability to select
based on the authenticated name. That's what I am trying to work
around.
--
D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 788 2246 (DoD#0082) (eNTP) | what's for dinner.
IM: darcy@Vex.Net, VoIP: sip:darcy@druid.net
