Blaine Simpson wrote:
> Oliver Jowett wrote:
>
>> Blaine Simpson wrote:
>>
>>> Oliver Jowett wrote:
>>>
>>>> Blaine Simpson wrote:
>>>>
>>>>> You don't need an ident server if you use "md5", you do need an
>>>>> ident server if you
>>>>> use "trust".
To reiterate -- the second half of this statement is wrong.
> The reason I question the implication is not that I can't read, but
> because I have tried to use
> psql (not JDBC) over tcpip sockets with "ident", and, what do you know,
> just like Kris said,
> there were system log messages about ident failures. This is because
> identd is disabled on
> our servers and blocked by our firewalls.
Sure -- to use ident authentication over TCP/IP, you need an ident
server. There's no disagreement there. But trust authentication is a
completely separate mechanism. It does not require an ident server.
To make sure I wasn't going crazy, I just doublechecked against the
7.4.1 server here. It does not make outgoing ident connections when
accepting connections from an IP that is configured for 'trust'.
>>> But, as I've found in practice, and as Kris Jurka has pointed out,
>>> you do have to satisfy ident
>>> protocol requirements to use trust with network sockets.
[... more about ident authentication needing an ident server ...]
I'm not disagreeing with you about ident authentication -- it's trust
authentication we're talking about.
-O