On Thu, 28 Jun 2001, Bruce Momjian wrote:
> > On Wed, 27 Jun 2001, Bruce Momjian wrote:
> >
> > > pg_hba.conf option on Debian called "peer" recently. We don't have such
> > > an option and it was never submitted to us a a patch.
> > >From 7usr/share/doc/postgresql/README.Debian.gz:
> > 6. Unix socket authentication is provided (authentication type "peer").
> > This works just like ident, but for Unix sockets; this provides a more
> > secure method of authentication than ident, and does not require
> > administrators to run identd on their servers. This authentication
> > method has been submitted to the upstream developers, but is not
> > currently part of the upstream release.
> >
> > I don?t know if the Debian maintainer has it submitted but I trust him
> > if he writes it in the relevant document.
>
> Again, PostgreSQL topic...
>
> Hmm, that is interesting. My guess is that we couldn't accept it
> because most OS's can't do authentication on Unix-domain sockets. It
> must have been long ago because I don't remember it. Peer is a nice
> feature, though, and it would be nice if we could support it everywhere.
> I don't like our 'trust' method. Too open.
True. Only linux 2.2+ supports that. I think Solaris supports that too.
FreeBSD 4.3 does not support that.
See following for more info:
http://cr.yp.to/docs/secureipc.html
http://www.superscript.com/ucspi-ipc/intro.html
