[Dbconfig-common-devel] Re: Best practice for allowing access to a
postgres db
sean finney
seanius at debian.org
Tue Sep 27 08:22:19 UTC 2005
hey martin,
On Tue, Sep 27, 2005 at 07:44:13AM +0200, Martin Pitt wrote:
> sean finney [2005-09-26 3:41 -0400]:
> > i think it would be helpful if the other options were also allowed.
> > for example, if method is md5, we would need to know this so that
> > a line with ident sameuser didn't cause a false positive.
>
> Not sure what you mean here. It does not make sense to specify more
> than one line for a given type/user/database triple, since only the
> first matching line is used. Therefore the method should be an output
> rather than an input.
what i meant was that when one calls pg_test_hba, one should be able to
pass the exact connection method/params. here are some examples:
pg_test_hba --add --method ident dbname dbuser
pg_test_hba --add --ip w.x.y.z --method ident dbname dbuser
pg_test_hba --add --method md5 dbname dbuser
pg_test_hba --add --ip w.x.y.z --method md5 dbname dbuser
pg_test_hba --remove ...
and i suppose --ip would default to 127.0.0.1 if it needed to be used
in making calculations.
sean
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/dbconfig-common-devel/attachments/20050927/4bb601f6/attachment.pgp
More information about the Dbconfig-common-devel
mailing list