From: George Hartzell
Date: Tue, 30 Jan 2007 10:41:02 -0800
To: Michael Fuhr
Cc: hartzell@alerce.com, freebsd-ports@freebsd.org, Bill Moran
Subject: Re: postgresql's 502.pgsql periodic script and passwords
Message-ID: <17855.37182.608042.111363@satchel.alerce.com>
In-Reply-To: <20070130010910.GA90927@winnie.fuhr.org>

Michael Fuhr writes:
 > On Mon, Jan 29, 2007 at 09:23:52AM -0500, Bill Moran wrote:
 > > In response to George Hartzell:
 > > > I've "solved" the problem by creating a ~pgsql/.pgpass file with the
 > > > pgsql user's password.
 > > >
 > > > Is there a better way?
 > >
 > > Depends.  Do you allow untrusted users to log in to that machine?  If
 > > so, then you've probably got the best approach.  Make sure that .pgpass
 > > file is chmoded 600
 >
 > Another possibility would be to use the "ident" method over a local
 > (i.e., Unix-domain) socket.  You'd be authenticating via SO_PEERCRED;
 > no .pgpass file would be necessary.

I saw a reference to that via Google, and tried it as sketched, but it
didn't fly.  It seemed to involve pg_hba.conf, a pg_ident.conf, and....

Can you describe a known-working configuration?

Would this be somehow more secure or flexible (aka "better") than the
.pgpass solution?

Thanks,

g.
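
The thread's advice is to keep the `.pgpass` file at mode 600; libpq ignores the file when group or other have any access, so an unattended job then fails to authenticate. As an added example (not part of the original message), the shell function below audits a password file's owner, mode and line format before a periodic job relies on it; the function name `check_pgpass` is hypothetical, and the password is never printed.

```shell
#!/bin/sh
# Added example: audit a libpq password file (hostname:port:database:username:password).
# check_pgpass FILE returns 0 when the file is safe to use, non-zero otherwise,
# and reports each finding on stderr.

check_pgpass() {
    f=$1
    rc=0

    # Refuse symlinks and anything that is not a regular file.
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "$f: missing, a symlink, or not a regular file" >&2
        return 2
    fi

    # The file must belong to the account the job runs as (e.g. pgsql).
    [ -O "$f" ] || { echo "$f: not owned by the current user" >&2; rc=1; }

    # Characters 5-10 of the ls mode string are the group and other bits;
    # any bit set there is looser than 0600.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$f: group/other access present ($perms); run chmod 600" >&2
        rc=1
    }

    # Every entry needs exactly five colon-separated fields. Backslash-escaped
    # characters (\: and \\) are dropped before counting. Only line numbers
    # are reported, never the line content.
    bad=$(awk '/^#/ || /^$/ { next }
               { line = $0; gsub(/\\./, "", line)
                 if (split(line, a, ":") != 5) printf "%s ", NR }' "$f")
    [ -z "$bad" ] || { echo "$f: malformed entry at line(s): $bad" >&2; rc=1; }

    return $rc
}

# Stand-alone use: sh check_pgpass.sh ~pgsql/.pgpass
if [ $# -gt 0 ]; then
    check_pgpass "$1"
fi
```
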