Re: [PATCHES] Allow IDENT authentication on local connections (Linux only)

Helge Bahmann <bahmann@math.tu-freiberg.de> writes:
> Most certainly they do not, or at least it is called differently; I
> grepped includes of: FreeBSD 4.2, Solaris 8, Irix 6.5 and AIX (4.3?) and
> did not find SO_PEERCRED.

> On FreeBSD (and I guess Solaris as well) it is possible to pass
> credentials using ancillary messages (Linux works as well, so this
> approach would be significantly more portable). However this requires the
> cooperation of the client who has to actively *send* his credentials, so
> this would require changes to both the backend and libpq.

Ah, now I understand: those references I saw mention the existence of
the underlying SCM_CREDENTIALS (or whatever it's called) message type,
not the SO_PEERCRED getsockopt facility.

I agree that it's not worth pursuing at the moment.  A localized change
in the backend is one thing, but an OS-specific addition to our client-
visible authentication protocol would be a lot bigger change, and a lot
more debatable.  If we get a larger/more active Solaris user community,
maybe someone will be motivated to do it.
        regards, tom lane