How to start without password

Started by Uros Gruber, almost 24 years ago, 4 messages, general
#1 Uros Gruber
uros@sir-mag.com

Hi!

I want to make very secure postgresql and not allow
connections without passwords. I also remove all trusts
from pg_hba.conf.

When I start server I have to type my password. I want to know
how can I then start at boot. I can't try because I can't
boot whenever I want. I just want to be sure that if server
crash would start postgre at boot time without that pass.

And another question. I don't use tcp/ip sockets and I found
that postgre is listening on udp port

pgsql postgres 172 4 udp4 127.0.0.1:1024 127.0.0.1:1024
pgsql postgres 168 4 udp4 127.0.0.1:1024 127.0.0.1:1024

Is this normal or am I missing something in config?

--
bye,
Uros mailto:uros@sir-mag.com

#2 Joel Burton
joel@joelburton.com
In reply to: Uros Gruber (#1)
Re: How to start without password

-----Original Message-----
From: pgsql-general-owner@postgresql.org
[mailto:pgsql-general-owner@postgresql.org]On Behalf Of Uros Gruber
Sent: Saturday, June 08, 2002 12:39 PM
To: pgsql-general@postgresql.org
Subject: [GENERAL] How to start without password
Importance: High

> Hi!
>
> I want to make very secure postgresql and not allow
> connections without passwords. I also remove all trusts
> from pg_hba.conf.
>
> When I start server I have to type my password. I want to know
> how can I then start at boot. I can't try because I can't
> boot whenever I want. I just want to be sure that if server
> crash would start postgre at boot time without that pass.

PG server doesn't require a password to start up. How are you starting it up
so that it requires a password?

Normally, in your startup script (which presumably runs as root), you'll have
a line like:

su postgres -c "/usr/local/pgsql/bin/pg_ctl start"

to run pg_start as the user postgres. Since root can su to any user, no
password is required.

This has nothing to do with whether passwords are required to *connect* to
PG; you're right, this is controlled by pg_hba.conf.

- J.

#3 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Joel Burton (#2)
Re: How to start without password

"Joel Burton" <joel@joelburton.com> writes:

> PG server doesn't require a password to start up. How are you starting it up
> so that it requires a password?

The server does not care --- but pg_ctl tries to connect (via psql) in
order to see if the server is up yet. If you want to use password-based
authentication and not supply a password for "pg_ctl start", then you'll
need to specify the don't-wait-for-startup option to pg_ctl.

But my opinion is that password auth is a serious PITA; you are going to
have lots of trouble with backup scripts, not only startup, if you try
to run your installation like that. For local connections you should
consider whether you can't use ident authentication instead (assuming
you have a platform on which we support ident for Unix-socket
connections).

regards, tom lane

#4 Curt Sampson
cjs@cynic.net
In reply to: Tom Lane (#3)
Re: How to start without password

On Sat, 8 Jun 2002, Tom Lane wrote:

> But my opinion is that password auth is a serious PITA; you are going to
> have lots of trouble with backup scripts, not only startup, if you try
> to run your installation like that. For local connections you should
> consider whether you can't use ident authentication instead (assuming
> you have a platform on which we support ident for Unix-socket
> connections).

If you're serious about security, allowing passwordless local
connections is not a problem, because you don't allow anybody but
admins to log into the Unix system, anyway. There are far, far more
local root exploits than remote, and they appear at a faster rate,
so it's rather risky to have local users on your system anyway.

cjs
--
Curt Sampson <cjs@cynic.net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
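
An added example, not part of the original thread or of PostgreSQL itself: a shell function that checks a pg_hba.conf for remaining `trust` rules, the condition the original poster wants to guarantee, and shows which method each active rule uses. It assumes the current column layout (TYPE DATABASE USER [ADDRESS [MASK]] METHOD), which differs from files of the thread's era; the names `hba_audit` and `hba_sample` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# hba_audit FILE: print every active pg_hba.conf rule with its auth method and
# flag rules that use "trust". Exit status 1 if any trust rule exists, else 0.
# Assumed layout: TYPE DATABASE USER [ADDRESS [MASK]] METHOD [OPTIONS].
# Quoted names containing spaces are not handled.
hba_audit() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
    $1 ~ /^include/ {                        # included files need their own audit
        print "line " NR ": " $1 " " $2 " (not followed, audit separately)"
        next
    }
    {
        if ($1 == "local")
            m = $4                           # Unix socket: no address column
        else if ($4 ~ /^[0-9.]+$/ || ($4 ~ /:/ && $4 !~ /\//))
            m = $6                           # bare IP followed by a netmask column
        else
            m = $5                           # CIDR, hostname, all, samehost, samenet
        verdict = "ok"
        if (m == "trust") { verdict = "NO AUTHENTICATION"; bad = 1 }
        printf "line %d: %-9s db=%s user=%s method=%s [%s]\n", NR, $1, $2, $3, m, verdict
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input, not taken from the thread. "peer" is the name
# current releases use for ident-style authentication over a Unix socket.
hba_sample() {
    cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS                    METHOD
local   all       postgres                             peer
local   all       all                                  trust
host    all       all       127.0.0.1/32               scram-sha-256
host    all       all       10.0.0.5 255.255.255.255   trust
EOF
}

# usage: hba_audit "$PGDATA/pg_hba.conf" || echo "trust rules still present"
```

A non-zero exit status makes the function usable as a gate in a boot or deployment script before the server is started.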