Re: Disabling trust/ident authentication configure option - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: Disabling trust/ident authentication configure option
Date
Msg-id 554A720F.1030706@dunslane.net
Whole thread Raw
In response to Re: Disabling trust/ident authentication configure option  (Alvaro Herrera <alvherre@2ndquadrant.com>)
Responses Re: Disabling trust/ident authentication configure option
List pgsql-hackers
On 05/06/2015 10:47 AM, Alvaro Herrera wrote:

>
> I don't necessarily agree with the patch as proposed.  I would rather
> have a comma-separated list of methods, as in:
>
>      --disable-auth=ident,peer
>
> which lets you choose what to disable without hardcoded choices.  Due to
> the nature of autoconf, this might be too fiddly to implement, though,
> and if so I think the method proposed by this patch seems a reasonable
> compromise.  I've seen configure in other programs offer options such as
> --disable-foo=list that lists acceptable values (or --disable-foo=help)
>


I don't necessarily object to this idea, but I do think we need to 
ensure that we don't allow both trust and peer to be disabled (which 
means on Windows you would not be able to disable trust). Otherwise this 
becomes a footgun which would require the whole server to be stopped so 
you could connect in single user mode to correct certain mistakes, which 
are unfortunately all too common.

cheers

andrew




pgsql-hackers by date:

Previous
From: Heikki Linnakangas
Date:
Subject: Re: INSERT ... ON CONFLICT UPDATE/IGNORE 4.0
Next
From: Tomas Vondra
Date:
Subject: Re: multivariate statistics / patch v6