Thread: pg_hba.conf and postgresql 7.2

pg_hba.conf and postgresql 7.2

From: amy@real-time.com
New to postgresql...I've done a lot of google-searching and searching of
the pgsql archives but haven't found much...


I'm trying to configure pg_hba.conf so that:

1. using a local connection, user postgres does not require a password for any database
2. using a local connection, all other users require password for all
databases

We are running debian stable so we have postgresql 7.2. From what I
understand, the syntax of pg_hba.conf changed with 7.3, making it easier
to do what I want to above.  With 7.3, I would do this I think:

local    all    postgres    trust
local    all            md5

Is there a way to accomplish this with version 7.2?

If not, I was planning on setting a password for user postgres.  However,
in that case, what's the easiest way for backup scripts, etc, running as
user postgres to be passed the password?

Are there any online documents for recommended ways of configuring
pg_hba.conf with security in mind?

Thanks for your help.
--
Amy Tanner
amy@real-time.com

Re: pg_hba.conf and postgresql 7.2

From: Bruno Wolff III
On Tue, Feb 03, 2004 at 12:48:34 -0600,
  amy@real-time.com wrote:
> New to postgresql...I've done a lot of google-searching and searching of
> the pgsql archives but haven't found much...
>
>
> I'm trying to configure pg_hba.conf so that:
>
> 1. using a local connection, user postgres does not require a password for any database
> 2. using a local connection, all other users require password for all
> databases
>
> We are running debian stable so we have postgresql 7.2. From what I
> understand, the syntax of pg_hba.conf changed with 7.3, making it easier
> to do what I want to above.  With 7.3, I would do this I think:
>
> local    all    postgres    trust
> local    all            md5
>
> Is there a way to accomplish this with version 7.2?

I don't believe you can do it with 7.2. The first rule that matches
on database, connection type and IP address applies. So you can't
have different authentication methods for different database users.

>
> If not, I was planning on setting a password for user postgres.  However,
> in that case, what's the easiest way for backup scripts, etc, running as
> user postgres to be passed the password?

You might look at using ident authentication and a sameuser mapping.
Whether this will work for you or not depends on how OS users relate
to DB users.
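
Added example, not part of the original thread: a simplified Python model of the first-match rule described in the reply above, comparing 7.2-style local records (no user column) with 7.3-style records. The sample files and function names are constructed for illustration, and only "all" and comma-separated names are matched.

```python
"""Simplified model of first-match evaluation for `local` pg_hba.conf records."""

# Constructed sample, 7.2-style local records: TYPE DATABASE METHOD
HBA_72 = """
local   all   trust
local   all   md5     # never reached: the record above already matches
"""

# Constructed sample, 7.3-style local records: TYPE DATABASE USER METHOD
HBA_73 = """
local   all   postgres   trust
local   all   all        md5
"""


def parse_local(text, has_user_column):
    """Return (database, user, method) tuples for each `local` record."""
    expected = 4 if has_user_column else 3
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0] != "local":
            continue
        if len(fields) < expected:
            raise ValueError(f"malformed record: {line!r}")
        # Without a user column, every record applies to every user.
        user = fields[2] if has_user_column else "all"
        rules.append((fields[1], user, fields[expected - 1]))
    return rules


def _matches(pattern, value):
    return pattern == "all" or value in pattern.split(",")


def auth_method(rules, database, user):
    """First matching record decides; there is no fall-through to later ones."""
    for db, usr, method in rules:
        if _matches(db, database) and _matches(usr, user):
            return method
    return None  # no record matched: the connection is refused


if __name__ == "__main__":
    for name, text, has_user in (("7.2", HBA_72, False), ("7.3", HBA_73, True)):
        rules = parse_local(text, has_user)
        for user in ("postgres", "amy"):
            print(name, user, auth_method(rules, "mydb", user))
```

Record order matters in the 7.3 form as well: placing the "all" user record first would make it match the postgres user before the trust record is ever considered.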