<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font size="-1"><big>While it's been discussed elsewhere*, I just
tripped over a decidedly odd default in postgresql:</big> </font>it
tries to use ident to verify that the role I'm logging in to has the
same name as my unix user account, simulating the "peer"
authentication available for unix domain sockets.<br>
<br>
I don't see any history for this, but it makes me suspicious, just as
it would if I found someone was using rsh and a .rhosts file in a
world where we have ssh with keys. <br>
<br>
The common recommendation is to use "trust", which is even worse
than ident. At least ident comes with a conspicuous warning that
"The Identification Protocol is not intended as an authorization or
access control protocol."<br>
<br>
Anyone know the back story? The FAQ is unhelpful, the bugs list
seems private, and Google finds lots of bad advice (;-))<br>
<br>
--dave<br>
[*
<a class="moz-txt-link-freetext"
href="http://www.upfrontsystems.co.za/Members/izak/sysadman/postgresqls-confusing-authentication-configuration">http://www.upfrontsystems.co.za/Members/izak/sysadman/postgresqls-confusing-authentication-configuration</a><br>
<a class="moz-txt-link-freetext"
href="http://www.depesz.com/2007/08/18/securing-your-postgresql-database/">http://www.depesz.com/2007/08/18/securing-your-postgresql-database/</a>
]<br>
<br>
<pre class="moz-signature" cols="72">--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
<a class="moz-txt-link-abbreviated" href="mailto:davecb@spamcop.net">davecb@spamcop.net</a> | -- Mark Twain
</pre>
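<br>
Added example, not part of the original message: a small Python check that reads pg_hba.conf text and reports records using the two methods discussed above, "trust" on any connection type and "ident" on TCP/IP connection types. The function name, finding notes and sample records are constructed for illustration; "ident" on "local" lines is not reported because PostgreSQL uses peer authentication there.<br>

```python
import ipaddress
import shlex

# pg_hba.conf connection types that arrive over TCP/IP, not a unix socket.
TCP_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_pg_hba(text):
    """Return (line_no, conn_type, method, note) for each risky record."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments
        if not fields:
            continue
        conn_type = fields[0]
        if conn_type == "local":
            pos = 3  # local DATABASE USER METHOD
        elif conn_type in TCP_TYPES:
            # ADDRESS is one field (CIDR or host name) or IP plus netmask.
            two_part = len(fields) > 5 and _is_ip(fields[3]) and _is_ip(fields[4])
            pos = 5 if two_part else 4
        else:
            continue  # include directives and anything unrecognised
        if pos >= len(fields):
            continue  # malformed record, nothing to classify
        method = fields[pos]
        if method == "trust":
            findings.append((line_no, conn_type, method, "no authentication"))
        elif method == "ident" and conn_type != "local":
            findings.append((line_no, conn_type, method,
                             "relies on the client host's ident server"))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS                  METHOD
local   all       all                            peer
local   all       all                            ident
host    all       all   127.0.0.1/32             ident
host    all       all   192.168.0.0 255.255.0.0  trust  # don't do this
hostssl all       all   0.0.0.0/0                scram-sha-256
"""
```
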
</body>
</html>