Thread: Need linux uid in pg-psql
Is there a way to get the linux idsid of a user, even for a remote network connection?
If not, is there a way to capture this somehow when the original connection is made and maybe stuff it in a temp table or something using whatever means (a trigger-like mechanism? ) ? Is there a script/function that gets run whenever a connection is made, something I might have access to, in which I could piggy-back something like this? What I'm talking about is basically grabbing and storing $USER for me to read later on with a stored proc.
I could write a pg-perlu to get this, but I suspect it won't give me the original user when there's a remote connect.
Thanks for any suggestions !
On August 19, 2011 07:01:33 AM Gauthier, Dave wrote: > Is there a way to get the linux idsid of a user, even for a remote network > connection? > > I could write a pg-perlu to get this, but I suspect it won't give me the > original user when there's a remote connect. > > Thanks for any suggestions ! There's an identd protocol for this. It's not commonly used anymore, and when present tends to deliberately obscure the results.
On Fri, Aug 19, 2011 at 8:40 AM, Alan Hodgson <ahodgson@simkin.ca> wrote: > On August 19, 2011 07:01:33 AM Gauthier, Dave wrote: >> Is there a way to get the linux idsid of a user, even for a remote network >> connection? >> >> I could write a pg-perlu to get this, but I suspect it won't give me the >> original user when there's a remote connect. >> >> Thanks for any suggestions ! > > There's an identd protocol for this. It's not commonly used anymore, and when > present tends to deliberately obscure the results. > Couldn't you use client ssl certs for authentication and encode the data there in the cert? Best Wishes, Chris Travers
Alan Hodgson <ahodgson@simkin.ca> writes:
> On August 19, 2011 07:01:33 AM Gauthier, Dave wrote:
>> Is there a way to get the linux idsid of a user, even for a remote network
>> connection?
> There's an identd protocol for this. It's not commonly used anymore, and when
> present tends to deliberately obscure the results.
Not to mention that it's trivially faked, if the user has root on his
own machine.
regards, tom lane
Not too worried about nefarious id faking in this environment.
How does one use "identd" in an unobscured way?
-----Original Message-----
From: pgsql-general-owner@postgresql.org [mailto:pgsql-general-owner@postgresql.org] On Behalf Of Tom Lane
Sent: Friday, August 19, 2011 11:55 AM
To: Alan Hodgson
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] Need linux uid in pg-psql
Alan Hodgson <ahodgson@simkin.ca> writes:
> On August 19, 2011 07:01:33 AM Gauthier, Dave wrote:
>> Is there a way to get the linux idsid of a user, even for a remote network
>> connection?
> There's an identd protocol for this. It's not commonly used anymore, and when
> present tends to deliberately obscure the results.
Not to mention that it's trivially faked, if the user has root on his
own machine.
regards, tom lane
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
"Gauthier, Dave" <dave.gauthier@intel.com> writes:
> Not too worried about nefarious id faking in this environment.
> How does one use "identd" in an unobscured way?
There's a command-line switch for the identd daemon, on most machines,
that tells it whether to send hashed or plaintext responses.
regards, tom lane