Re: Disabling trust/ident authentication configure option - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Disabling trust/ident authentication configure option
Date
Msg-id 3359.1432151851@sss.pgh.pa.us
Whole thread Raw
In response to Re: Disabling trust/ident authentication configure option  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
Stephen Frost <sfrost@snowman.net> writes:
> I don't agree with this either.  Providing a "bypass all authentication"
> configuration option really isn't a good thing.  Why don't packagers use
> our default pg_hba.conf?  Because it only makes sense in a development
> type of environment.  I'd argue the same is true for 'trust'.

Sure.  And the problem is that development environments are a perfectly
common and respectable use-case.  I cannot see Red Hat, for example,
shipping a Postgres that's built (not merely configured by user-changeable
config files, but hard-wired) to be unfriendly to developers.

If we could get to a point where there is another way that is superior
to "trust" even for single-user development environments, then maybe
it would be useful to try to persuade packagers to disable "trust".
But I don't even see a proposal for such a thing, let alone a track record
showing that nobody needs "trust".  And you really have got to get to the
point of being able to argue that *nobody* needs trust, not that some
use-cases don't need it, before you will impress most packagers.
        regards, tom lane



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: ERROR: cannot GetMultiXactIdMembers() during recovery
Next
From: Andres Freund
Date:
Subject: Re: Disabling trust/ident authentication configure option