Thread: password-less access, without using pg_hba

password-less access, without using pg_hba

From
Reece Hart
Date:
I'd like to provide public access, without a password, to a database hosted on Amazon RDS.

I'm familiar with using pg_hba.conf to enable trust (no) authentication for a user. pg_hba.conf is not available to DBAs on RDS.

Is there any other way to achieve password-less login in postgresql? I tried alter user password NULL.

Thanks,
Reece

Re: password-less access, without using pg_hba

From
David Johnston
Date:
Reece Hart wrote
> I'd like to provide public access, without a password, to a database
> hosted
> on Amazon RDS.
>
> I'm familiar with using pg_hba.conf to enable trust (no) authentication
> for
> a user. pg_hba.conf is not available to DBAs on RDS.
>
> Is there any other way to achieve password-less login in postgresql? I
> tried alter user password NULL.
>
> Thanks,
> Reece

Doubtful.

You need to give people the correct server ip and user anyway so why not
just give them a password at the same time?

If you are trying to do some automated scripting there are other, better,
solutions than disabling the password requirement. Especially on a
public-visible server.

David J.






--
View this message in context:
http://postgresql.1045698.n5.nabble.com/password-less-access-without-using-pg-hba-tp5790947p5790948.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.


Re: password-less access, without using pg_hba

From
John R Pierce
Date:
On 2/6/2014 6:07 PM, Reece Hart wrote:
> I'd like to provide public access, without a password, to a database
> hosted on Amazon RDS.
>
> I'm familiar with using pg_hba.conf to enable trust (no)
> authentication for a user. pg_hba.conf is not available to DBAs on RDS.
>
> Is there any other way to achieve password-less login in postgresql? I
> tried alter user password NULL.

.pgpass  is supported by any libpq based client.



--
john r pierce                                      37N 122W
somewhere on the middle of the left coast



Re: password-less access, without using pg_hba

From
Reece Hart
Date:
On Thu, Feb 6, 2014 at 6:37 PM, David Johnston <polobo@yahoo.com> wrote:
Doubtful.

Yeah, that's what I had assumed too.

The question is motivated entirely by what I think would make it easier for users. In principle it's not difficult to give people a password (as I do now), but in practice it's a barrier that I'd like to eliminate.

-Reece

Re: password-less access, without using pg_hba

From
David Johnston
Date:
Reece Hart wrote
> On Thu, Feb 6, 2014 at 6:37 PM, David Johnston <

> polobo@

> > wrote:
>
>> Doubtful.
>>
>
> Yeah, that's what I had assumed too.
>
> The question is motivated entirely by what I think would make it easier
> for
> users. In principle it's not difficult to give people a password (as I do
> now), but in practice it's a barrier that I'd like to eliminate.
>
> -Reece

If your users are connecting directly to a PostgreSQL database then the
presence or absence of a password has no significant impact on usability.
They have learned SQL and can interact with databases and likely expect to
need a password anyway.  Usually developers make things easier by writing
software that the users interact with instead of the database...

David J.



--
View this message in context:
http://postgresql.1045698.n5.nabble.com/password-less-access-without-using-pg-hba-tp5790947p5790966.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.


Re: password-less access, without using pg_hba

From
Tatsuo Ishii
Date:
> On Thu, Feb 6, 2014 at 6:37 PM, David Johnston <polobo@yahoo.com> wrote:
>
>> Doubtful.
>>
>
> Yeah, that's what I had assumed too.
>
> The question is motivated entirely by what I think would make it easier for
> users. In principle it's not difficult to give people a password (as I do
> now), but in practice it's a barrier that I'd like to eliminate.

+1. I told Amazon's RDS guy in Japan that it is a major pain for
PostgreSQL users to not be able to touch pg_hba.conf.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp


Re: password-less access, without using pg_hba

From
Steve Crawford
Date:
On 02/06/2014 06:07 PM, Reece Hart wrote:
> I'd like to provide public access, without a password, to a database
> hosted on Amazon RDS.
>
> I'm familiar with using pg_hba.conf to enable trust (no)
> authentication for a user. pg_hba.conf is not available to DBAs on RDS.
>
> Is there any other way to achieve password-less login in postgresql? I
> tried alter user password NULL.
>
Ignoring the scary security issues....

If you can't access pg_hba.conf how about just sticking pgbouncer or
similar in the middle and have your users connect through that?

Cheers,
Steve


Re: password-less access, without using pg_hba

From
Reece Hart
Date:
On Fri, Feb 7, 2014 at 8:27 AM, Steve Crawford <scrawford@pinpointresearch.com> wrote:
Ignoring the scary security issues....

One of the niceties of an RDS deployment is that I don't care much about the security issues: The machine is not in our VPC, there's only public data on it, and I presume that AWS has isolated the instance to their satisfaction. From my point of view, it's an ideal way to make data public and way better than running it ourselves.

If you can't access pg_hba.conf how about just sticking pgbouncer or similar in the middle and have your users connect through that?

I like the pgbouncer idea in principle, but it means more work for me that I'm not willing to take on for this use.

Thanks everyone for the input. I'll stick with an advertised password.

-Reece