Participants
Peter Eisentraut
Peter Eisentraut
Bruce Momjian
Bruce Momjian
Oliver Elphick
Oliver Elphick
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1Oliver ElphickOliver Elphick
Jun 28, 2001
#2...#3
Peter EisentrautTom Lane
to Oliver Elphick (#1)
Jun 29, 2001
#2Peter EisentrautPeter Eisentrautto Oliver Elphick (#1)
Jun 29, 2001
#3Tom LaneTom Laneto Peter Eisentraut (#2)
Jun 29, 2001
#4...#6
Bruce MomjianPeter Eisentraut
to Oliver Elphick (#1)
Jul 11, 2001
#4Bruce MomjianBruce Momjianto Oliver Elphick (#1)
Jul 11, 2001
#5Peter EisentrautPeter Eisentrautto Bruce Momjian (#4)
Jul 11, 2001
#6Bruce MomjianBruce Momjianto Peter Eisentraut (#5)
Jul 11, 2001

Re: Debian's PostgreSQL packages

Started by Oliver Elphickalmost 25 years ago6 messagesgeneral
Jump to latest
#1Oliver Elphick
Oliver Elphick
olly@lfix.co.uk

"J.H.M. Dassen (Ray)" wrote:

and it was never submitted to us a a patch.

According to the README it was. Oliver, could you comment on this please?

It was, a couple of months back. Peter made some criticism of its use of
autoconf, which I have changed. I have not resubmitted the patch because
the core team seemed to think it was not sufficiently portable. If people
want to include it in the main release, I will resubmit a revised patch.

--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"The Spirit of the Lord is upon me, because he hath
anointed me to preach the gospel to the poor; he hath
sent me to heal the brokenhearted, to preach
deliverance to the captives, and recovering of sight
to the blind, to set at liberty them that are
bruised..." Luke 4:18

Import Notes
Reply to msg id not found: slrn9jlrl4.4h9.jdassen@odin.cistron-office.nl
#2Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net
In reply to: Oliver Elphick (#1)
Re: Re: Debian's PostgreSQL packages

Oliver Elphick writes:

"J.H.M. Dassen (Ray)" wrote:

and it was never submitted to us a a patch.

According to the README it was. Oliver, could you comment on this please?

It was, a couple of months back. Peter made some criticism of its use of
autoconf, which I have changed. I have not resubmitted the patch because
the core team seemed to think it was not sufficiently portable. If people
want to include it in the main release, I will resubmit a revised patch.

The whole authentication process has been rewritten in the meantime, so
you might have some work to do. I think the patch was okay in principle.
It's not any less "portable" than ident when you don't have an ident
server running.

--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter

#3Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Peter Eisentraut (#2)
Re: Re: Debian's PostgreSQL packages

Oliver Elphick writes:

It was, a couple of months back. Peter made some criticism of its use of
autoconf, which I have changed. I have not resubmitted the patch because
the core team seemed to think it was not sufficiently portable.

I think there was some questioning of whether the code could run on
enough platforms to make it worth carrying in the main sources. Could
someone refresh my memory on which platforms can support this method?

As long as it's useful on some reasonable subset of platforms, and can
be autoconf'ed out on the rest, I don't have an objection to adding it.

regards, tom lane

#4Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Oliver Elphick (#1)
Re: Re: Debian's PostgreSQL packages

"J.H.M. Dassen (Ray)" wrote:

and it was never submitted to us a a patch.

According to the README it was. Oliver, could you comment on this please?

It was, a couple of months back. Peter made some criticism of its use of
autoconf, which I have changed. I have not resubmitted the patch because
the core team seemed to think it was not sufficiently portable. If people
want to include it in the main release, I will resubmit a revised patch.

I think our current idea is to have people run local ident servers to
handle this. We don't have any OS-specific stuff in pg_hba.conf and I
am not sure if we want to add that complexity. What do others think?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
#5Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net
In reply to: Bruce Momjian (#4)
Re: Re: Debian's PostgreSQL packages

Bruce Momjian writes:

"J.H.M. Dassen (Ray)" wrote:

and it was never submitted to us a a patch.

According to the README it was. Oliver, could you comment on this please?

It was, a couple of months back. Peter made some criticism of its use of
autoconf, which I have changed. I have not resubmitted the patch because
the core team seemed to think it was not sufficiently portable. If people
want to include it in the main release, I will resubmit a revised patch.

I think our current idea is to have people run local ident servers to
handle this. We don't have any OS-specific stuff in pg_hba.conf and I
am not sure if we want to add that complexity. What do others think?

This is not any less "specific" than SSL or Kerberos. Note that opening a
TCP/IP socket already opens a theoretical hole to the world. Unix domain
is much safer.

--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter

#6Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Peter Eisentraut (#5)
Re: Re: Debian's PostgreSQL packages

Bruce Momjian writes:

"J.H.M. Dassen (Ray)" wrote:

and it was never submitted to us a a patch.

According to the README it was. Oliver, could you comment on this please?

It was, a couple of months back. Peter made some criticism of its use of
autoconf, which I have changed. I have not resubmitted the patch because
the core team seemed to think it was not sufficiently portable. If people
want to include it in the main release, I will resubmit a revised patch.

I think our current idea is to have people run local ident servers to
handle this. We don't have any OS-specific stuff in pg_hba.conf and I
am not sure if we want to add that complexity. What do others think?

This is not any less "specific" than SSL or Kerberos. Note that opening a
TCP/IP socket already opens a theoretical hole to the world. Unix domain
is much safer.

You can install SSL/Kerberos on any Unix, and many come pre-installed.
You can't add unix-domain socket user authentication to any OS.

I assume most OS's have 127.0.0.1 set as loopback so there shouldn't be
a hole:

127 127.0.0.1 UGRS 4352 lo0
127.0.0.1 127.0.0.1 UH 4352 lo0

However, the security issue may make it worthwhile. Which OS's support
user authentication again, and can we test via configure? Maybe we can
strip out the mention in the pg_hba.conf file if it is not supported on
that OS.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
← Back to Topics