Tom Lane writes:
> It's not that it's "okay", it's that we haven't got any good
> alternatives. Password auth sucks from a convenience point of view
> (or even from a possibility point of view, for scripts; don't forget
> the changes that you yourself recently applied to guarantee that a
> script *cannot* supply a password to psql). Ident auth doesn't work,
> or isn't secure, in a lot of cases. Kerberos, well, not a lot to
> offer there either. What else do you want to make the default?
unix_socket_permissions = 0700
--
Peter Eisentraut peter_e@gmx.net