Thread: Dynamic IP authentication

Dynamic IP authentication

From
Richard Dockery
Date:
Does anyone know a way of authenticating client applications with dynamic IP
addresses?  All our client machines are receiving dynamic IP addresses.  Is
there a way to set up the pg_hba file to allow for this, or is there another
way to configure connections so as not to use this file?
Any thoughts would be appreciated.
Thank you!

Richard Dockery
Facilities Information Technology Group
University Of New Hampshire
richard.dockery@unh.edu
603.862.1803


Re: Dynamic IP authentication

From
Sam Barnett-Cormack
Date:
On Fri, 19 Mar 2004, Richard Dockery wrote:

> Does anyone know a way of authenticating client applications with dynamic IP
> addresses?  All our client machines are receiving dynamic IP addresses.  Is
> there a way to set up the pg_hba file to allow for this, or is there another
> way to configure connections so as not to use this file?
> Any thoughts would be appreciated.
> Thank you!

Open access to the whole IP range, but require passwords. I think you
can wrap in SSL as well.

--

Sam Barnett-Cormack
Software Developer                           |  Student of Physics & Maths
UK Mirror Service (http://www.mirror.ac.uk)  |  Lancaster University

Re: Dynamic IP authentication

From
Mitch Pirtle
Date:
Sam Barnett-Cormack wrote:

 > On Fri, 19 Mar 2004, Richard Dockery wrote:
 >
 >
 >> Does anyone know a way of authenticating client applications with
dynamic IP
 >> addresses?  All our client machines are receiving dynamic IP
addresses.  Is
 >> there a way to set up the pg_hba file to allow for this, or is there
another
 >> way to configure connections so as not to use this file?
 >> Any thoughts would be appreciated.
 >> Thank you!
 >
 >
 >
 > Open access to the whole IP range, but require passwords. I think you
 > can wrap in SSL as well.
 >

This is what I do, and now I won't let non-SSL connections through.  The
pg_hba.conf entry that lets me connect over SSL from anywhere looks like
this:

     hostssl  all  mitchy  0.0.0.0   0.0.0.0   password

Of course you need to configure your database box with an SSL key, which
is well documented.

-- Mitch