Date: Tue, 28 Sep 1999 19:19:23 -0400 (EDT) From: Robert Watson <robert@cyrus.watson.org> To: database@freebsd.org Subject: Postgres -- ancillary data to authenticate? Message-ID: <Pine.BSF.3.96.990928191546.9562A-100000@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
I have a postgresql database set up on a server, and was upset when I discovered that psql -u allows authentication to the database as any other user without a password, as the default configuration is to trust all local connections. I was wondering if anyone knew of patches (or better yet, it being supported built-in) to use the sendmsg ancilary data to pass uids/gids and authentication the UNIX domain socket, or a setuid/gid/etc binary of psql that is trusuted to gather the info, etc. Similarly, whether anyone knew about support for PAM, BSD-style. My feeling is there should be a big warning label somewhere obvious saying "BY DEFAULT ALL USERS ON THE DATABASE SERVER HAVE FULL ACCESS TO ALL DATABASES" :-). Any suggestions? Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-database" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990928191546.9562A-100000>