Re: Security choices...

At 18:34 4/08/00 -0400, Bruce Momjian wrote:
>[ Charset ISO-8859-1 unsupported, converting... ]
>> Philip Warner writes:
>> 
>> > Is there any reason that a security model does not exist for psql that
>> > allows Unix user 'fred' to log in as PG user 'fred' with no password etc,
>> > but any user trying to log on as someone other than themselves has to
>> > provide a password?
>> 
>> Short of someone sitting down and making it happen I don't see any. You'd
>> only need to implement some sort of fall-through in `pg_hba.conf', which
>> in my estimate can't be exceedingly hard.
>
>How do you know Fred is Fred without a password?
>

The idea was to apply only on the matchine on which the postmaster runs;
then ideally you get the username of the client process. It's kind of like
IDENT, except it works only for local connections, and asks for passwords
for non-local connections.


----------------------------------------------------------------
Philip Warner                    |     __---_____
Albatross Consulting Pty. Ltd.   |----/       -  \
(A.C.N. 008 659 498)             |          /(@)   ______---_
Tel: (+61) 0500 83 82 81         |                 _________  \
Fax: (+61) 0500 83 82 82         |                 ___________ |
Http://www.rhyme.com.au          |                /           \|                                |    --________--
PGP key available upon request,  |  /
and from pgp5.ai.mit.edu:11371   |/