[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help wanted for packaging postgresql application

On Mon, 2003-05-26 at 08:19, Andreas Tille wrote:

> Thus the postgresql server has to allow connections of non system users
> from localhost and also from other hosts (GnuMed clients) in the next step
> while keeping the possibility to authenticate via ident.

In 7.3, you can specify connection/database/user combinations with
associated authentication methods.  If you want to use ident where
possible and fall back on password, pg_hba.conf should look something
like this:

CONNECTION   DATABASE   USER   IPADDR   IPMASK           METHOD   OPTION
local        all        postgres                         ident    sameuser
local        db1        fred                             ident    sameuser
local        db1        george                           ident    sameuser
local        db2        @db2.list                        ident    sameuser
local        all        all                              md5
host         all        all    0.0.0.0  255.255.255.255  md5

So system logins fred and george can connect to db2 without a password;
any system user listed in $PGDATA/db2.list can similarly connect to db2;
postgres can connect to any database (necessary for backups) and any
other connection/database/user combination needs an md5-encrypted
password.

-- 
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight, UK                             http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
                 ========================================
     "Let nothing be done through strife or vainglory; but 
      in lowliness of mind let each esteem other better than
      themselves."      Philippians 2:3
Reply to: