Re: Using both ident and password in pg_hba.conf - Mailing list pgsql-general

From D'Arcy J.M. Cain
Subject Re: Using both ident and password in pg_hba.conf
Date
Msg-id 20160509224655.093ed542@imp
Whole thread Raw
In response to Re: Using both ident and password in pg_hba.conf  (John R Pierce <pierce@hogranch.com>)
List pgsql-general
On Mon, 9 May 2016 14:56:14 -0700
John R Pierce <pierce@hogranch.com> wrote:
> over a tcp socket, there's no way of knowing *WHAT* the system user
> is short of querying the unreliable service 'authd' (113/tcp) and
> hoping that it A) exists and B) returns something meaningful.
> authd/ident services can return virtually anything they want to.

I run both the client web server and the database server.  Outside
machines require passwords.

> when pg_hba.conf is searched, all thats known is the socket type
> (host or local), the database name, the requested(!) username, and if
> its 'host', the source IP address.   this is used to select the
> desired authentication method for that combination.

Yes, it is missing that one piece I suggested - the ability to select
based on the authenticated name.  That's what I am trying to work
around.

--
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 788 2246     (DoD#0082)    (eNTP)   |  what's for dinner.
IM: darcy@Vex.Net, VoIP: sip:darcy@druid.net


pgsql-general by date:

Previous
From: "D'Arcy J.M. Cain"
Date:
Subject: Re: Using both ident and password in pg_hba.conf
Next
From: Michael Paquier
Date:
Subject: Re: Error in log file after database crash