Thread: Adding encrypted identd authetification

Hi,

I am about to add code to postgresql that would allow IDENT
authentification with DES encryption (as seen in the pidentd package
included with Redhat - not sure if same encryption is used by other
ident daemons).  The code would allow for two types of IDENT
authentification:

ident - this is the same as before, accept now it will try to decrypt
username if IDENT response is surrounded in braces.
ident-des - this will only allow encrypted IDENT responses.

Keys will be kept in a file: $PG_DATA/pg_ident.key.

The code will probably also require that UID's on the client machine and
in postgresql all correspond.  If not, a map could be used.

Does anyone have any suggestions about this?  Has anyone done this?

David

"David M. Kaplan" <dmkaplan@ucdavis.edu> writes:
> I am about to add code to postgresql that would allow IDENT
> authentification with DES encryption (as seen in the pidentd package
> included with Redhat - not sure if same encryption is used by other
> ident daemons).

What's the point, exactly?

For local connections, you do not need encryption, and for remote
connections it's sheer folly to use IDENT anyway.  So I'm having a
hard time identifying the space of applicability...
        regards, tom lane