Re: postgresql, auth, cron
On Fri, 2003-04-18 at 09:53, Richard Hector wrote:
> Hi all,
>
> In /etc/cron.d/postgresql:
>
> # To ensure proper access rights, 'peer sameuser' access for localhost is
> # required in /etc/postgresql/pg_hba.conf. This is now the default setting for
> # the Debian configuration.
>
> However the extensive notes in pg_hba.conf don't mention a 'peer' keyword
> at all, nor can I find it by googling the postgresql site - except in
> list archives.
>
> Is it an obsolete feature?
Yes. I called it 'peer' when I introduced it into the Debian version.
When the upstream developers adopted (and reworked) it, they named it
"ident", since it parallels the "ident" option for host connections.
The text in pg_hba.conf has been revised in a later version of the
package.
> In all, the authentication features of PostgreSQL seem a bit limiting to me.
> Is that other people's experience, or am I just failing to understand it?
It is a lot more flexible in 7.3 (unstable or a woody version at
http://people.debian.org/~elphick/debian) in which you can control
access by a combination of user, database and connection. Getting
fine-grained control in 7.2 and earlier is pretty difficult.
> My aim is to enable cron jobs to run properly, but have proper authentication
> in place. I'm trying to set up SQL-Ledger, if that's important.
>
> I also want to understand what's happening - it doesn't enhance my sense of
> security to find things to cut & paste without knowing what they do.
>
> Any suggestions on what to read?
The Administrator's manual in the postgresql-doc package, the Client
Authentication chapter.
--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight, UK http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"For by grace are ye saved through faith; and that not
of yourselves; it is the gift of God, not of works,
lest any man should boast." Ephesians 2:8,9
Reply to: