[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: postgres ident error

On Sun, May 23, 2004 at 14:46:34 -0400, Tom Allison wrote:
> J.H.M. Dassen (Ray) wrote:
> >PostgreSQL doesn't care about /etc/passwd. The default client
> >authentication settings care about what user is connecting to the
> >database server through a UNIX socket.

> Gee I must have missed something in the pg_hba configuration files.
> 
> IDENT is clearly the only authentication model used and sockets are not 
> used at all.

In the default configuration Debian's PostgreSQL doesn't listen on TCP/IP
sockets at all; it is only accessible locally through a Unix socket. 

> And others have mentioned that the IDENT process usees the /etc/passwd
> files for the authentication.

The "ident" authentication method does not imply the use of an ident server
process.

For local connections (the only connections available with the default
configuration), the "ident" authentication method uses getsockopt(...
SO_PEERCRED ...) and getpwuid(). Typically but not necessarily getpwuid()
consults /etc/passwd.

For TCP/IP connections (when enabled), the response given by the remote
ident server is used.

Ray
-- 
"People should never have been given free will."  Lots of languages.
	Larry Wall on common fallacies of language design
Reply to: