Re: BUG #1001: Inconsistent authentication between psql and
| От | Stephan Szabo |
|---|---|
| Тема | Re: BUG #1001: Inconsistent authentication between psql and |
| Дата | |
| Msg-id | 20031205092430.M8557@megazone.bigpanda.com обсуждение исходный текст |
| Ответ на | BUG #1001: Inconsistent authentication between psql and PQconnectdb - possible security implications? ("PostgreSQL Bugs List" <pgsql-bugs@postgresql.org>) |
| Список | pgsql-bugs |
On Fri, 5 Dec 2003, PostgreSQL Bugs List wrote: > I use "ident sameuser" authentication. Here are the relevant details from pg_hba.conf. > > local all all ident sameuser > host all all 127.0.0.1 255.255.255.255 ident sameuser > host all all 0.0.0.0 0.0.0.0 reject > > All is well with psql authentication. However, when I tried to > use knoda/hk_classes to access the database, I could not get > authenticated. A typical error message was IDENT authentication failed > for user "irwin". When I traced this down through the hk_classes code > it was using PQconnectdb to connnect to the database, and there were > complaints in the postgresql log that the identd server was not > available. All knoda/hk_classes/PQconnectdb problems disappeared when I > installed identd (apt-get install pidentd) on my Debian stable system. > So all seems well when identd is installed, but there may be a security > concern with psql when it is not. On the other hand, if psql is > actually secure when identd is not running, then why isn't PQconnectdb > using the exact same (secure) method of authentication for this case? My first guess is that knoda/hk_classes was going to 127.0.0.1 and psql was going through the local socket. local/ident is different from host/ident (see the section on ident authentication), the latter requires an ident server, the former does not.
В списке pgsql-bugs по дате отправления: