Re: Disable TRUST authentication by using ClientAuthentication_hook
| От | Fabrízio de Royes Mello |
|---|---|
| Тема | Re: Disable TRUST authentication by using ClientAuthentication_hook |
| Дата | |
| Msg-id | CAPfkCSAp1h1kipBdd7TA3TM6FmDesQDe6Q=4Y_tnD4oDJoa5pQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Disable TRUST authentication by using ClientAuthentication_hook (Guillaume Lelarge <guillaume@lelarge.info>) |
| Ответы |
Re: Disable TRUST authentication by using ClientAuthentication_hook
Re: Disable TRUST authentication by using ClientAuthentication_hook |
| Список | pgsql-general |
2018-07-13 9:01 GMT-03:00 Guillaume Lelarge <guillaume@lelarge.info>:
2018-07-13 13:57 GMT+02:00 <kpi6288@gmail.com>:I’d like to disable the TRUST authentication method for certain servers where modification of pg_hba.conf and restarting a service is fairly easy for a number of users.
I looked at this example https://wiki.postgresql.org/im
ages/e/e3/Hooks_in_postgresql. pdf It appears that creating a ClientAuthentication_hook and call ereport(ERROR) in case that Port->HbaLine contains TRUST would do the job. Is that right?
I am aware that this would not make the server entirely secure but it would make it at least a bit more difficult to enter.
I'm not sure this is such a good idea. You may need the trust authentication method, for example if you forgot the superuser password. Otherwise, there's good chance you might use the ClientAuthentication hook to do what you want.
If you're an server admin you can disable the extension (editing shared_pre_load_libraries GUC), change password and then enable the extension again...
Regards,
--
Fabrízio de Royes Mello Timbira - http://www.timbira.com.br/
PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento
PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento
В списке pgsql-general по дате отправления: