Date: Tue, 30 Jan 2007 10:41:02 -0800
From: George Hartzell <hartzell@alerce.com>
To: Michael Fuhr <mike@fuhr.org>
Cc: hartzell@alerce.com, freebsd-ports@freebsd.org, Bill Moran <wmoran@collaborativefusion.com>
Subject: Re: postgresql's 502.pgsql periodic script and passwords
Message-ID: <17855.37182.608042.111363@satchel.alerce.com>
In-Reply-To: <20070130010910.GA90927@winnie.fuhr.org>
References: <20070130010910.GA90927@winnie.fuhr.org>

Michael Fuhr writes:
> On Mon, Jan 29, 2007 at 09:23:52AM -0500, Bill Moran wrote:
> > In response to George Hartzell <hartzell@alerce.com>:
> > > I've "solved" the problem by creating a ~pgsql/.pgpass file with the
> > > pgsql user's password.
> > >
> > > Is there a better way?
> >
> > Depends. Do you allow untrusted users to log in to that machine? If
> > so, then you've probably got the best approach. Make sure that .pgpass
> > file is chmoded 600
>
> Another possibility would be to use the "ident" method over a local
> (i.e., Unix-domain) socket. You'd be authenticating via SO_PEERCRED;
> no .pgpass file would be necessary.

I saw a reference to that via Google, and tried it as sketched, but it
didn't fly. It seemed to involve pg_hba.conf, a pg_ident.conf, and....

Can you describe a known-working configuration?

Would this be somehow more secure or flexible (aka "better") than the
.pgpass solution?

Thanks,

g.
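
The "chmoded 600" advice quoted above matters because libpq ignores a .pgpass file that group or other can access. The following check is an added example, not part of the original message or of the PostgreSQL port; the function names and return codes are this example's own, and the file contents it would be run against are assumed to follow the documented hostname:port:database:username:password layout.

```shell
#!/bin/sh
# Added example: audit a .pgpass file before relying on it from a periodic job.
# Return codes (this example's convention):
#   0 = usable, 1 = missing, 2 = permissions too open, 3 = malformed entry

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

check_pgpass() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    mode=$(file_mode "$f")
    # libpq ignores the file if group or other have any access at all,
    # so the last two octal digits must both be 0 (600, 400, ...).
    case "$mode" in
        0|*00) ;;
        *) echo "too open: $f is mode $mode, expected 600"; return 2 ;;
    esac

    # Each entry is hostname:port:database:username:password (5 fields).
    # Lines starting with '#' are comments. Escaped colons (\:) are not
    # handled by this simplified field count.
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        fields=$(printf '%s\n' "$line" | awk -F: '{ print NF }')
        if [ "$fields" -ne 5 ]; then
            echo "malformed: $f line $n has $fields fields, expected 5"
            return 3
        fi
    done < "$f"

    echo "ok: $f"
    return 0
}

# Stand-alone use: pass the path as the first argument.
if [ $# -gt 0 ]; then
    check_pgpass "$1"
fi
```

Run it as the account that owns the file, for example against the ~pgsql/.pgpass path mentioned in the thread.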