Re: db security; user identification

Marcin Gil <marcin.gil@audax.com.pl> writes:
> I have switched identification method from 'trust' to 'md5'
> for all local requests, ie:

> - local all all trust
> + local all all md5

> But that creates a problem:
> - when restarting postgresql it waits for password;
>    how can I work it around?

I think the other respondents have missed the point --- your immediate
problem is that you want to turn off the "wait for postmaster to start"
option in pg_ctl, because that's what's demanding a password.  I think
you want "pg_ctl start -w" but check the man page to be sure.  You
should be able to run fine with the above configuration otherwise.

I concur with the suggestion to investigate local IDENT auth, though.
If your system supports it, it's trustworthy and lots more convenient
than forcing a password to be supplied all the time.

Another possibility is to put the correct password into the postgres
account's ~/.pgpass file.  If you stick with md5 local auth you are
going to end up doing that anyway, because it's the only reasonable way
to handle authentication for batch jobs (think about backup and periodic
vacuum tasks).  I am not totally sure, but I think that would also fix
the pg_ctl start problem without needing -w.

            regards, tom lane