Re: Let people set host(no)ssl settings from initdb

On Fri, Jan 17, 2020 at 08:47:49PM +0100, David Fetter wrote:
> On Wed, Jan 08, 2020 at 02:53:47AM +0000, tsunakawa.takay@fujitsu.com wrote:
> > From: David Fetter <david@fetter.org>
> > > > But I see two problems with the proposed approach: (1) initdb
> > > > doesn't support setting up SSL, so the only thing you can achieve
> > > > here is to reject all TCP/IP connections, until you have set up SSL.
> > > 
> > > I don't believe any special setup is needed to require TLS for the
> > > connection, which is what this patch handles in a straightforward way.
> > 
> > I think this feature can be useful because it's common to reject remote non-TLS connections.  Eliminating the need
toscript for pg_hba.conf is welcome.  Setting GUC parameters just after initdb is relatively easy, because we can
simplyadd lines at the end of postgresql.conf.  But pg_hba.conf is not because the first matching entry is effective.
 
> > 
> > In terms of rejecting non-secure remote connections, should hostgssenc/hostnogssenc also be handled similarly?
> 
> Yes, and they are in the enclosed patch.
> 
> > > > (2) The default pg_hba.conf only covers localhost connections.
> > > 
> > > As of this patch, it can be asked to cover all connections.
> > 
> > +      <term><option>--auth-hostssl=<replaceable class="parameter">authmethod</replaceable></option></term>
> > +      <listitem>
> > +       <para>
> > +        This option specifies the authentication method for users via
> > fg
> > +        TLS connections used in <filename>pg_hba.conf</filename>
> > +        (<literal>hostssl</literal> lines).
> > +       </para>
> >     +      </listitem>
> > 
> > The relationship between --auth/--auth-local/--auth-host and --auth-hostssl/--auth-hostnossl is confusing.  The
formeris for local connections, and the latter is for remote ones.  Can we just add "remote" in the above
documentation?
> 
> Done.
> 
> > Plus, you're adding the first option to initdb that handles remote connections.  As the following execution shows,
itdoesn't warn about using "trust" for remote connections.
 
> > 
> > 
> > $ initdb --auth=md5 --pwprompt --auth-hostssl=trust --auth-hostnossl=trust
> > ...
> > syncing data to disk ... ok
> > 
> > Success. You can now start the database server using:
> > 
> >     pg_ctl -D /tuna/pg2 -l logfile start
> > 
> > 
> > 
> > I think we should emit a warning message like the following existing one:
> > 
> > --------------------------------------------------
> > initdb: warning: enabling "trust" authentication for local connections
> > You can change this by editing pg_hba.conf or using the option -A, or
> > --auth-local and --auth-host, the next time you run initdb.
> > -
> > initdb: warning: enabling "trust" authentication 
> 
> Done.
> 
> Best,
> David.

This time, with the patch attached.

Best,
David.
-- 
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate