Re: Help with access control settings in pg_hba.conf --

On Thu, 27 Jan 2005, Bruno Wolff III wrote:

>On Thu, Jan 27, 2005 at 12:22:06 -0500,
>  Victor Danilchenko <danilche@cs.umass.edu> wrote:
>>
>>     the solution was in disabling the 'result:encrypt' option
>> (setting it to 'no') in the /etc/identd.conf file. Once I did that,
>> IDENT started returning plaintext names instead of encrypted strings,
>> and clearly PostgreSQL ident client doesn't know how to handle encrypted
>> IDENT responses. Something to fix in the future release perhaps? or
>> maybe it's fixed already...
>
>When you encrypt names for ident, the other host isn't supposed to be
>able to figure out who is making the request. If the remote site has
>a problem they can give the string back to the connecting site's admins
>and then they can figure out who is causing problems.
>
>If you are actually using ident for authentication, you don't want to use
>the encrypted mode unless you are willing to modify applications so that
>they can decrypt the ident strings.

    Aha. Gotcha. Thanks.

--
|  Victor  Danilchenko  | When in danger or in doubt,        |
| danilche@cs.umass.edu | run in circles, scream, and shout. |
|   CSCF   |   5-4231   |                    Robert Heinlein |