On 10/19/2017 09:20 AM, Desidero wrote:
> I agree that it would be better for us to use something other than
> LDAP, but unfortunately it's difficult to convince the powers that be
> that we can/should use something else that they are not yet prepared
> to properly manage/audit. We are working towards it, but we're not
> there yet. It's not really an exuse, but until the industry password
> policies are modified to outright ban passwords, many businesses will
> probably be in this position.
>
> In any event, is the use case problematic enough that it would prevent
> the proposed changes from being implemented? I could submit a patch to
> postgres hackers if necessary, but if it's undesirable I can figure
> out something else.
>
Please don't top-post on the PostgreSQL lists.
You said you wanted to allow anonymous pipes, but I think what you
really want is a named pipe.
I don't see any reason in principle to disallow use of a named pipe as a
password file. It could be a bit of a footgun, though, since writing to
the fifo would block until it was opened by the client, so you'd need to
be very careful about that.
cheers
andrew
--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
