Re: Bug#95818: libpgsql2.1: should not depend on ident-server
Steve Langasek wrote:
>> In case anyone should ask why the server cannot authenticate directly,
>> communication between front- and back-ends is done through a Unix socket
>> and therefore it is not possible for the back-end to know the identity
>> of the user at the front-end. The only options for Unix socket access
>> are password-protection or trust (that is, a completely open database).
... [code] ...
>This works for Unix sockets under Linux 2.2 and Linux 2.4, at least. I
>know how portable the interface is beyond that, and lack of portability
>prevent upstream from adopting it. It would be interesting to see this as
>option for Debian, though. (Does Hurd implement SO_PEERCRED?)
Yes; this makes it look possible - I am pretty sure it is not portable,
though, so it won't be an upstream option.
How portable is it within Linux? I just tried looking for the documentation
on it in libc.info and couldn't find anything.
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
"For whosoever will save his life shall lose it. But
whosoever will lose his life for my sake, the same
shall save it." Luke 9:24