Thread: Adding encrypted identd authetification
Hi, I am about to add code to postgresql that would allow IDENT authentification with DES encryption (as seen in the pidentd package included with Redhat - not sure if same encryption is used by other ident daemons). The code would allow for two types of IDENT authentification: ident - this is the same as before, accept now it will try to decrypt username if IDENT response is surrounded in braces. ident-des - this will only allow encrypted IDENT responses. Keys will be kept in a file: $PG_DATA/pg_ident.key. The code will probably also require that UID's on the client machine and in postgresql all correspond. If not, a map could be used. Does anyone have any suggestions about this? Has anyone done this? David
"David M. Kaplan" <dmkaplan@ucdavis.edu> writes: > I am about to add code to postgresql that would allow IDENT > authentification with DES encryption (as seen in the pidentd package > included with Redhat - not sure if same encryption is used by other > ident daemons). What's the point, exactly? For local connections, you do not need encryption, and for remote connections it's sheer folly to use IDENT anyway. So I'm having a hard time identifying the space of applicability... regards, tom lane