From owner-freebsd-database Tue Sep 28 16:19:27 1999
Delivered-To: freebsd-database@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
        by hub.freebsd.org (Postfix) with ESMTP id 5D34214FA5
        for ; Tue, 28 Sep 1999 16:19:24 -0700 (PDT)
        (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
        by fledge.watson.org (8.9.3/8.9.3) with SMTP id TAA09575
        for ; Tue, 28 Sep 1999 19:19:23 -0400 (EDT)
        (envelope-from robert@cyrus.watson.org)
Date: Tue, 28 Sep 1999 19:19:23 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: database@freebsd.org
Subject: Postgres -- ancillary data to authenticate?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-database@FreeBSD.ORG
Precedence: bulk

I have a postgresql database set up on a server, and was upset when I
discovered that psql -u allows authentication to the database as any other
user without a password, as the default configuration is to trust all
local connections. I was wondering if anyone knew of patches (or better
yet, it being supported built-in) to use the sendmsg ancillary data to pass
uids/gids and authenticate the UNIX domain socket, or a setuid/gid/etc
binary of psql that is trusted to gather the info, etc. Similarly,
whether anyone knew about support for PAM, BSD-style.

My feeling is there should be a big warning label somewhere obvious saying
"BY DEFAULT ALL USERS ON THE DATABASE SERVER HAVE FULL ACCESS TO ALL
DATABASES" :-).

Any suggestions?

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-database" in the body of the message
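
The mechanism the message asks about, as an added example that is not part of the original post and is not PostgreSQL code: the server authorizes a role from the kernel-checked uid that arrives as sendmsg ancillary data on the UNIX domain socket, not from the name the client asks for. It assumes Linux's SCM_CREDENTIALS and SO_PASSCRED (FreeBSD's counterpart is SCM_CREDS); the uid-to-role map and the function names are constructed for illustration.

```python
import os
import socket
import struct

# Layout of Linux struct ucred: pid_t pid, uid_t uid, gid_t gid.
UCRED = struct.Struct("iII")

# Constructed mapping of OS uid -> database role that uid may use (hypothetical).
ROLE_FOR_UID = {os.getuid(): "alice"}


def client_request(sock, role):
    """Client side: request a role and attach credentials as ancillary data."""
    creds = UCRED.pack(os.getpid(), os.getuid(), os.getgid())
    sock.sendmsg([role.encode()],
                 [(socket.SOL_SOCKET, socket.SCM_CREDENTIALS, creds)])


def server_authenticate(sock, role_for_uid):
    """Server side: return (requested_role, peer_uid, allowed)."""
    data, ancdata, _flags, _addr = sock.recvmsg(
        256, socket.CMSG_SPACE(UCRED.size))
    uid = None
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            # The kernel checks these values for an unprivileged sender.
            _pid, uid, _gid = UCRED.unpack(cdata[:UCRED.size])
    role = data.decode()
    # The role in the payload is only a request; missing credentials mean deny.
    allowed = uid is not None and role_for_uid.get(uid) == role
    return role, uid, allowed


def demo(role):
    """Run one request over a socketpair and return the server's decision."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with server, client:
        # The receiver must enable credential passing before the send.
        server.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        client_request(client, role)
        return server_authenticate(server, ROLE_FOR_UID)


if __name__ == "__main__":
    print(demo("alice"))     # role mapped to the caller's uid
    print(demo("postgres"))  # role that belongs to a different account
```
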