Thread: RE: [GENERAL] Another access control query

RE: [GENERAL] Another access control query

From: Nicolas Huillard

You can add a filename to the "password" keyword. This filename contains the username/crypted password of the users you
want to be able to connect from the servip to the dbX.
The lines in pg_hba look like:
host    bd1    serverip1 netmask    password    password.username1
host    bd2    serverip2 netmask    password    password.username2

You can create the "password.*" files using the pg_passwd command.
This way, passwords are stored in files rather than in the pg_shadow table, and you cannot use the "crypt" authmode.
It seems that ODBC access from remote workstations can't use the crypt authmode, so it is not a real problem. Can
someone tell me if it's true?
Second problem: you must set the user password in both the pg_shadow table (using psql), and the passwd.* files (using
pg_passwd).

Yours,

Nicolas Huillard

-----Original Message-----
From:    Mark Jewiss [SMTP:Mark.Jewiss@knowledge.com]
Date:    Thursday, 14 October 1999 16:50
To:    pgsql-general@postgreSQL.org
Subject:    [GENERAL] Another access control query

Hello,

Similar to other questions I've seen posed in the last day or so,
apologies if this exact question has been asked, I don't think it has.

I want to restrict access to a set of databases to connections from a
specific machine and a specific user.

Lines in my pg_hba.conf file are similar to this:

host    db1    serverip    netmask    password

Effectively what I want to do is have something like:

host    db1    username1    serverip    netmask    password
host    db2    username2    serverip    netmask    password

thereby ensuring that it is not possible for user2 to connect to db1 from
the same machine.

I know I can set up the different db's so that table security only gives
any access to the user I want, but that is fiddly. Being able to do the
above and prevent connections to the database will resolve that issue.

Any ideas?

Regards,

Mark.
--
Mark Jewiss
Knowledge Matters Limited
http://www.knowledge.com
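
The per-database restriction discussed in this message, modelled as an added example that is not part of the original thread or of PostgreSQL itself. It assumes that the first pg_hba record matching database and client address decides, and that a pg_passwd file holds one `username:crypted-password` entry per line; the addresses, crypted strings and function names are constructed, and the password itself is not verified.

```python
import ipaddress

# Constructed sample data: addresses and crypted strings are placeholders.
PG_HBA = """\
host    db1    192.0.2.10    255.255.255.255    password    password.username1
host    db2    192.0.2.10    255.255.255.255    password    password.username2
"""
PASSWORD_FILES = {  # file name -> contents, assumed "username:crypted" per line
    "password.username1": "username1:abJnggxhB/yWI\n",
    "password.username2": "username2:cdQ1xk0pZ3l8M\n",
}

def parse_hba(text):
    """Return (db, network, method, pwfile) for each 'host' record, in file order."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "host":
            continue
        db, addr, mask, method = fields[1:5]
        pwfile = fields[5] if len(fields) > 5 else None
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        records.append((db, net, method, pwfile))
    return records

def listed_users(contents):
    """User names (first colon-separated field) in a password file."""
    return {l.split(":", 1)[0] for l in contents.splitlines() if ":" in l}

def may_attempt_login(db, client_ip, user, hba=PG_HBA, files=PASSWORD_FILES):
    """True if the first record matching db and address would consider this user."""
    ip = ipaddress.ip_address(client_ip)
    for rec_db, net, method, pwfile in parse_hba(hba):
        if rec_db in (db, "all") and ip in net:
            if method != "password":
                return False          # other auth methods are not modelled here
            if pwfile is None:
                return True           # no file: any user, checked against pg_shadow
            return user in listed_users(files.get(pwfile, ""))
    return False                      # no matching record: connection rejected

if __name__ == "__main__":
    for db, user in [("db1", "username1"), ("db1", "username2"), ("db2", "username2")]:
        print(db, user, may_attempt_login(db, "192.0.2.10", user))
```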



************



RE: [GENERAL] Another access control query

From: Mark Jewiss

Hello,

On Thu, 14 Oct 1999, Nicolas Huillard wrote:

> You can add a filename to the "password" keyword. This filename contains the username/crypted password of the users
> you want to be able to connect from the servip to the dbX.
> The lines in pg_hba look like:
> host    bd1    serverip1 netmask    password    password.username1
> host    bd2    serverip2 netmask    password    password.username2

This is pretty cool, thanks for pointing it out. Does the documentation
still need doing for this, or is my set out of date?

Also, can you specify a path to the password file? I've tried this, but
can't get it to work, so am assuming not, and that it has to be in the
same directory as the pg_hba.conf file, but just want to check.

Regards,

Mark.
--
Mark Jewiss
Knowledge Matters Limited
http://www.knowledge.com