
Re: postgres ident error



J.H.M. Dassen (Ray) wrote:
On Sun, May 23, 2004 at 14:46:34 -0400, Tom Allison wrote:

J.H.M. Dassen (Ray) wrote:

PostgreSQL doesn't care about /etc/passwd. The default client
authentication settings care about what user is connecting to the
database server through a UNIX socket.


Gee I must have missed something in the pg_hba configuration files.

IDENT is clearly the only authentication model used and sockets are not used at all.


In the default configuration Debian's PostgreSQL doesn't listen on TCP/IP
sockets at all; it is only accessible locally through a Unix socket.

So the "tcpip_socket=yes" statement has nothing to do with TCP/IP connection? While tcpip_sockets=no is the default from postgres, the configuration file in Debian shows otherwise.

However, it is not accessible from any other network address (sockets and localhost only).


And others have mentioned that the IDENT process uses the /etc/passwd
files for the authentication.


The "ident" authentication method does not imply the use of an ident server
process.

For local connections (the only connections available with the default
configuration), the "ident" authentication method uses getsockopt(...
SO_PEERCRED ...) and getpwuid(). Typically but not necessarily getpwuid()
consults /etc/passwd.

For TCP/IP connections (when enabled), the response given by the remote
ident server is used.


All of this that you say here regarding the access of IDENT servers versus ident-ish calls to /etc/passwd is probably true (I don't have enough information on the specifics to doubt you). As it appears in the configuration files, both sockets and tcp/ip (localhost only) are enabled, so it could be either one or both. All of which still denies network access.

However, from postgres' own documentation, they clearly warn against the use of IDENT servers as a means of authentication when accessing the database over anything other than sockets or possibly localhost.

This kind of falls under the category of Monty Python's Chocolate Shop skit where you have the warning: "Danger: real live unboned crunchy dead frog"

I fully understand that postgresql as configured is pretty much secure, but the implication that this method of authentication can be applied to non-localhost network connections might do better to carry a warning in the configuration somewhere, even a README.Debian would be at least something. It would be very easy for someone to just copy/paste/edit and end up with a problem.
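The local "ident" mechanism Ray describes above (the server asks the kernel for the peer's uid with getsockopt(SO_PEERCRED), maps it with getpwuid(), and compares it to the requested account) as an added, Linux-only example written for this thread, not code from PostgreSQL or Debian; the function names and the bogus user name are constructed for the demonstration.

```c
#define _GNU_SOURCE            /* struct ucred and SO_PEERCRED are Linux/glibc extensions */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Ask the kernel who is on the other end of Unix socket `fd`.
 * Returns 0 and stores the peer uid, or -1 if fd is not a Unix socket. */
int peer_uid(int fd, uid_t *out)
{
    struct ucred cred;
    socklen_t len = sizeof cred;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0)
        return -1;
    *out = cred.uid;
    return 0;
}

/* 1 if the peer process runs as OS account `expected_user`, 0 if not,
 * -1 on error. Nothing here trusts data sent by the client: the uid
 * comes from the kernel and the name from getpwuid(), which typically
 * (but not necessarily) consults /etc/passwd. */
int peer_is_user(int fd, const char *expected_user)
{
    uid_t uid;
    if (peer_uid(fd, &uid) != 0)
        return -1;
    struct passwd *pw = getpwuid(uid);
    if (pw == NULL)
        return -1;                 /* uid with no account: deny */
    return strcmp(pw->pw_name, expected_user) == 0;
}

/* Self-test: socketpair() yields two connected AF_UNIX ends owned by this
 * process, so the peer credentials must be our own. Returns 1 on success. */
int demo_local_ident(void)
{
    int sv[2];
    uid_t peer;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int uid_ok = peer_uid(sv[0], &peer) == 0 && peer == getuid();
    struct passwd *me = getpwuid(getuid());
    int name_ok = me ? peer_is_user(sv[0], me->pw_name) == 1 : 1; /* skip if no passwd entry */
    int bogus_denied = peer_is_user(sv[1], "nosuchuser-constructed") != 1;
    close(sv[0]);
    close(sv[1]);
    return (uid_ok && name_ok && bogus_denied) ? 1 : 0;
}
```

The getsockopt call fails on a TCP socket, which is exactly why ident over TCP/IP has to fall back to asking the remote host's ident daemon and trusting whatever it answers.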


