Thread: authenticating local users

authenticating local users

From: Chris Green
For local users, is there any way to have users only be able to connect
to the postmaster as the name associated with their current uid?

I would like to not require db passwords on the for psql where data
entry is also performed, but with full-blown trust, it is too easy to
circumvent uid controls with psql -U

Thanks,
Chris
--
Chris Green <cmg@uab.edu>
"Yeah, but you're taking the universe out of context."

Re: authenticating local users

From: Tom Lane
Chris Green <cmg@uab.edu> writes:
> For local users, is there any way to have users only be able to connect
> to the postmaster as the name associated with their current uid?

You could use ident authentication with the 'sameuser' restriction,
ie

host       all   127.0.0.1  255.255.255.255      ident     sameuser

You have to be running an identd daemon, and you have to tell your
users to connect to host localhost instead of the default Unix-socket
connection.  (AFAIK, ident doesn't work with Unix-socket connections.)
Setting PGHOST=localhost in the user environment is a fairly painless
answer to the latter problem though.

            regards, tom lane
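
Added example (not part of the thread, and not PostgreSQL's own code): a small audit that flags pg_hba.conf records which do not tie the database user name to the OS user, which is the gap the question describes with trust and psql -U. It assumes the record layout of the line in the reply above, "host DB IP MASK METHOD [ARG]", plus "local DB METHOD [ARG]" for Unix-socket records; releases that add a user column are not handled, and the sample file is constructed.

```python
# Added example: audit pg_hba.conf records in the layout used in the reply above.
# Assumed layouts: "host DB IP MASK METHOD [ARG]" and "local DB METHOD [ARG]".

SAMPLE = """\
# constructed sample, not from the thread
local      all                                   trust
host       all   127.0.0.1  255.255.255.255      ident     sameuser
host       all   192.168.1.0  255.255.255.0      trust
host       all   127.0.0.1  255.255.255.255      ident
"""

def parse_line(line):
    """Return a dict for one record, or None for blank and comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    kind = fields[0]
    if kind == "local" and len(fields) >= 3:
        db, addr, mask, rest = fields[1], None, None, fields[2:]
    elif kind == "host" and len(fields) >= 5:
        db, addr, mask, rest = fields[1], fields[2], fields[3], fields[4:]
    else:
        raise ValueError("unrecognised record: %r" % line)
    return {"type": kind, "db": db, "addr": addr, "mask": mask,
            "method": rest[0], "arg": rest[1] if len(rest) > 1 else None}

def audit(text):
    """Return (line_number, finding) for records that let a client choose its DB user."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "trust":
            findings.append((n, "trust: any client can pick a name with psql -U"))
        elif rec["method"] == "ident" and rec["arg"] != "sameuser":
            findings.append((n, "ident without sameuser: DB name not forced to match the OS user"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print("line %d: %s" % (n, msg))
```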