Date:      Wed, 29 Sep 1999 09:46:30 +0200
From:      Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>
To:        Robert Watson <robert+freebsd@cyrus.watson.org>
Cc:        database@freebsd.org
Subject:   Re: Postgres -- ancillary data to authenticate?
Message-ID:  <19990929094630.E38679@daemon.ninth-circle.org>
In-Reply-To: <Pine.BSF.3.96.990928191546.9562A-100000@fledge.watson.org>
References:  <Pine.BSF.3.96.990928191546.9562A-100000@fledge.watson.org>

On [19990929 03:17], Robert Watson (robert@cyrus.watson.org) wrote:
>
>I have a postgresql database set up on a server, and was upset when I
>discovered that psql -u allows authentication to the database as any other
>user without a password, as the default configuration is to trust all
>local connections.  I was wondering if anyone knew of patches (or better
>yet, it being supported built-in) to use the sendmsg ancillary data to pass
>uids/gids and authentication the UNIX domain socket, or a setuid/gid/etc
>binary of psql that is trusted to gather the info, etc.  Similarly,
>whether anyone knew about support for PAM, BSD-style.

Ehm, you missed the obvious:

/usr/local/pgsql/lib/pg_hba.conf.sample

which you need to copy to:

/usr/local/pgsql/lib/pg_hba.conf

and which controls access.

>My feeling is there should be a big warning label somewhere obvious saying
>"BY DEFAULT ALL USERS ON THE DATABASE SERVER HAVE FULL ACCESS TO ALL
>DATABASES" :-). 
>
>  Robert N M Watson 

*grin*

yeah, RTFM Robert ;)

But seriously, this was all discussed in the manuals for installation
IIRC.

And there's always the SQL GRANT command plus database access
restriction. There are options. You just missed a lot of ways to do
them.

HTH a bit,

-- 
Jeroen Ruigrok van der Werven/Asmodai                  asmodai(at)wxs.nl
The BSD Programmer's Documentation Project <http://home.wxs.nl/~asmodai>
Network/Security Specialist        BSD: Technical excellence at its best
Millions for defence but not one cent for tribute.
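
Added example, not part of the original message and not PostgreSQL code: a small audit that reads pg_hba.conf text and reports every rule that still authenticates with "trust", the default the thread is about. It assumes the record layout of current PostgreSQL releases, which may differ from the 1999 file under discussion; the two sample configurations are constructed.

```python
# Added example: audit pg_hba.conf text for rules that use "trust".
# Assumed layout: local DATABASE USER METHOD [OPTIONS]
#                 host* DATABASE USER ADDRESS [NETMASK] METHOD [OPTIONS]
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_rule(line):
    """Return (type, database, user, address, method), or None for a non-rule line."""
    fields = line.split("#", 1)[0].split()  # naive: ignores quoted names containing '#'
    if not fields:
        return None
    kind = fields[0]
    if kind == "local":
        idx = 3
    elif kind in HOST_TYPES:
        # ADDRESS is one field (CIDR or hostname) or two (IP followed by netmask).
        idx = 5 if len(fields) > 5 and _is_ip(fields[4]) else 4
    else:
        return None  # include directives and anything unrecognised
    if len(fields) <= idx:
        raise ValueError("incomplete rule: " + line.strip())
    return kind, fields[1], fields[2], " ".join(fields[3:idx]), fields[idx]

def find_trust_rules(text):
    """Return [(line_number, rule)] for every rule that authenticates with 'trust'."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        rule = parse_rule(line)
        if rule and rule[4] == "trust":
            hits.append((number, rule))
    return hits

# Constructed sample files, not taken from the thread.
OPEN_CONFIG = """\
local   all       all                              trust
host    all       all   127.0.0.1 255.255.255.255  trust
host    all       all   192.168.0.0/24             md5
"""
LOCKED_CONFIG = """\
local   all       all                              peer   # was: trust
host    all       all   127.0.0.1/32               scram-sha-256
"""
```

find_trust_rules(OPEN_CONFIG) reports lines 1 and 2; the same call on LOCKED_CONFIG returns an empty list, and the word "trust" inside a comment is not counted.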

