where is the hole? don't you trust your employees? *raised eyebrows*
On Tue, 15 Aug 2000, Jeff MacDonald wrote:
> this kinda has a hole in it also.. our database server only has about 5
> uesrs on it , all are employee acounts, not clients.
>
> jeff
>
> On Sat, 5 Aug 2000, Philip Warner wrote:
>
> > At 18:34 4/08/00 -0400, Bruce Momjian wrote:
> > >[ Charset ISO-8859-1 unsupported, converting... ]
> > >> Philip Warner writes:
> > >>
> > >> > Is there any reason that a security model does not exist for psql that
> > >> > allows Unix user 'fred' to log in as PG user 'fred' with no password etc,
> > >> > but any user trying to log on as someone other than themselves has to
> > >> > provide a password?
> > >>
> > >> Short of someone sitting down and making it happen I don't see any. You'd
> > >> only need to implement some sort of fall-through in `pg_hba.conf', which
> > >> in my estimate can't be exceedingly hard.
> > >
> > >How do you know Fred is Fred without a password?
> > >
> >
> > The idea was to apply only on the matchine on which the postmaster runs;
> > then ideally you get the username of the client process. It's kind of like
> > IDENT, except it works only for local connections, and asks for passwords
> > for non-local connections.
> >
> >
> > ----------------------------------------------------------------
> > Philip Warner | __---_____
> > Albatross Consulting Pty. Ltd. |----/ - \
> > (A.C.N. 008 659 498) | /(@) ______---_
> > Tel: (+61) 0500 83 82 81 | _________ \
> > Fax: (+61) 0500 83 82 82 | ___________ |
> > Http://www.rhyme.com.au | / \|
> > | --________--
> > PGP key available upon request, | /
> > and from pgp5.ai.mit.edu:11371 |/
> >
>
> Jeff MacDonald,
>
> -----------------------------------------------------
> PostgreSQL Inc | Hub.Org Networking Services
> jeff@pgsql.com | jeff@hub.org
> www.pgsql.com | www.hub.org
> 1-902-542-0713 | 1-902-542-3657
> -----------------------------------------------------
> Fascimile : 1 902 542 5386
> IRC Nick : bignose
>
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org