authenticating local users

Started by Chris Greenover 25 years ago2 messagesgeneral

cmg@uab.edu

over 25 years ago

For local users, is there anyway to have users only be able to connect
to the postmaster as the name associated with their current uid?

I would like to not require db passwords on the for psql where data
entry is also performed but I with full blown trust, it is too easy to
circumvent uid controls with psql -U

Thanks,
Chris
--
Chris Green <cmg@uab.edu>
"Yeah, but you're taking the universe out of context."

Tom Lane

tgl@sss.pgh.pa.us

over 25 years ago

In reply to: Chris Green (#1)

Re: authenticating local users

Chris Green <cmg@uab.edu> writes:

For local users, is there anyway to have users only be able to connect
to the postmaster as the name associated with their current uid?

You could use ident authentication with the 'sameuser' restriction,
ie

host all 127.0.0.1 255.255.255.255 ident sameuser

You have to be running an identd daemon, and you have to tell your
users to connect to host localhost instead of the default Unix-socket
connection. (AFAIK, ident doesn't work with Unix-socket connections.)
Setting PGHOST=localhost in the user environment is a fairly painless
answer to the latter problem though.

regards, tom lane