Re: Allow IDENT authentication on local connections (Linux only)

On Tue, 31 Jul 2001, Bruce Momjian wrote:
> I don't see any configure.in code here to test for the CRED capability.
No, as I wrote in my mail; wanted to get some comment first, if this
is useful at all. I'm no autoconf guru, so there may be a better
way (help wanted!), but here it goes as a quick hack:

AC_EGREP_CPP(yes,
#include <sys/socket.h>
#ifdef SO_PEERCRED
yes
#endif
],
AC_DEFINE(HAVE_SO_PEERCRED),
[])

and a corresponding entry to config.h.in:

/* Define if you have SO_PEERCRED */
#undef HAVE_SO_PEERCRED

I'll make a new patch if you prefer.

> How does this affect pg_hba.conf?  Did you specify "trust" on that line?
simply specify "ident", like the following:

local    all    ident    sameuser

> Do we test when they have specified trust, and if not, what word do we
> use?
No, this would change semantics of an existing keyword. I think it is
quite logical to use "ident" as a keyword for both local and remote
connections.

Regards,
Helge