Re: Allow IDENT authentication on local connections (Linux only)
| От | Bruce Momjian |
|---|---|
| Тема | Re: Allow IDENT authentication on local connections (Linux only) |
| Дата | |
| Msg-id | 200107311419.f6VEJ4v13688@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | Re: Allow IDENT authentication on local connections (Linux only) (Helge Bahmann <bahmann@math.tu-freiberg.de>) |
| Список | pgsql-patches |
> On Tue, 31 Jul 2001, Bruce Momjian wrote: > > I don't see any configure.in code here to test for the CRED capability. > No, as I wrote in my mail; wanted to get some comment first, if this > is useful at all. I'm no autoconf guru, so there may be a better > way (help wanted!), but here it goes as a quick hack: > > AC_EGREP_CPP(yes, > #include <sys/socket.h> > #ifdef SO_PEERCRED > yes > #endif > ], > AC_DEFINE(HAVE_SO_PEERCRED), > []) > > and a corresponding entry to config.h.in: > > /* Define if you have SO_PEERCRED */ > #undef HAVE_SO_PEERCRED OK, no problem. It is easy to add. > I'll make a new patch if you prefer. > > > How does this affect pg_hba.conf? Did you specify "trust" on that line? > simply specify "ident", like the following: > > local all ident sameuser > > > Do we test when they have specified trust, and if not, what word do we > > use? > No, this would change semantics of an existing keyword. I think it is > quite logical to use "ident" as a keyword for both local and remote > connections. This makes sense. We can't currently do local/indent and it makes sense to use that here. I figure we could add this and add other OS's as we need them. Does it report an pg_hba.conf error if your OS doesn't support this? -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
В списке pgsql-patches по дате отправления: