[Dbconfig-common-devel] Why does dbconfig-common use a none
exiting local user
Karsten Hilbert
Karsten.Hilbert at gmx.net
Wed Jan 18 22:09:16 UTC 2006
On Wed, Jan 18, 2006 at 04:38:02PM -0500, sean finney wrote:
> what's going on is there are two ways of accessing a postgres database
there's a lot more than two ...
> "out of the box": "password" and "ident" -based authentication.
... but maybe not "out of the box"
> "password" is what you'd expect... you give a username and password
> just like with mysql and other systems. "ident", on the other hand,
> is a user-based authentication scheme where on the local host the server
> checks that the owner of the communication socket is the user in question
> (and for remote installs uses the insecure ident protocol).
Any decent install (out of the box, that is) will not enable
IDENT authentication for remote connections by default. In
fact, many installs will not enable *any* remote connections
by default.
> i think by default the pgsql code in dbconfig-common is trying to use the
> ident based setup,
The thing is, client code should *not* assume any particular
auth method. It is local system policy which method(s)
is/are enabled. Hence "good" clients should be able to
handle "all" of them - for most cases this would amount to
IDENT and password-based ones (md5, password, etc).
To make a long story short: the dbc default should be to
supply a password and not worry about whether it is needed
or not. If it isn't needed it isn't used.
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
More information about the Dbconfig-common-devel
mailing list