Re: .pgpass and root: a problem - Mailing list pgsql-general

From Scott Marlowe
Subject Re: .pgpass and root: a problem
Date
Msg-id CAOR=d=3B8G_zuRgaMUnW++P392UYa5Rp=2LHKtcLc_mVbKap5Q@mail.gmail.com
Whole thread Raw
In response to .pgpass and root: a problem  (Shaun Thomas <sthomas@optionshouse.com>)
Responses Re: .pgpass and root: a problem
Re: .pgpass and root: a problem
List pgsql-general
On Tue, Feb 5, 2013 at 10:15 AM, Shaun Thomas <sthomas@optionshouse.com> wrote:
> Hey folks,
>
> We're wanting to implement a more secure password policy, and so have
> considered switching to LDAP/Active Directory for passwords. Normally, this
> would be fine, but for two things:
>
> 1. Tons of our devs use .pgpass files to connect everywhere.
> 2. Several devs have root access to various environments.

Stop.  If you want secure setups you don't hand out root access to
lots of people.  Trying to then make it secure is like closing the
barn door after the horse has left.

pgsql-general by date:

Previous
From: "Robert Klaus"
Date:
Subject: Re: cleanup of pgsql_tmp directory
Next
From: "Joshua D. Drake"
Date:
Subject: Re: .pgpass and root: a problem