Home > mailing lists

Re: Disable TRUST authentication by using ClientAuthentication_hook - Mailing list pgsql-general

From	Guillaume Lelarge
Subject	Re: Disable TRUST authentication by using ClientAuthentication_hook
Date	July 13, 2018 18:01:42
Msg-id	CAECtzeWexM91HD-g5D7GZJubboZ9Uzohu-SA7pGDDWTR0bOMGw@mail.gmail.com Whole thread Raw
In response to	Disable TRUST authentication by using ClientAuthentication_hook (<kpi6288@gmail.com>)
Responses	AW: Disable TRUST authentication by using ClientAuthentication_hook (<kpi6288@gmail.com>) Re: Disable TRUST authentication by using ClientAuthentication_hook (Fabrízio de Royes Mello <fabrizio@timbira.com.br>)
List	pgsql-general

Tree view

2018-07-13 13:57 GMT+02:00 <kpi6288@gmail.com>:

I’d like to disable the TRUST authentication method for certain servers where modification of pg_hba.conf and restarting a service is fairly easy for a number of users.

I looked at this example https://wiki.postgresql.org/images/e/e3/Hooks_in_postgresql.pdf It appears that creating a ClientAuthentication_hook and call ereport(ERROR) in case that Port->HbaLine contains TRUST would do the job. Is that right?

I am aware that this would not make the server entirely secure but it would make it at least a bit more difficult to enter.

I'm not sure this is such a good idea. You may need the trust authentication method, for example if you forgot the superuser password. Otherwise, there's good chance you might use the ClientAuthentication hook to do what you want.

Guillaume.

pgsql-general by date:

From:
Date: 13 July 2018, 17:57:35
Subject: Disable TRUST authentication by using ClientAuthentication_hook

From: Andreas Kretschmer
Date: 13 July 2018, 18:04:04
Subject: Re: Database Refresh confusion

Re: Disable TRUST authentication by using ClientAuthentication_hook - Mailing list pgsql-general

Previous

Next