Adding encrypted identd authetification

Started by David M. Kaplanalmost 24 years ago2 messageshackers

dmkaplan@ucdavis.edu

almost 24 years ago

Hi,

I am about to add code to postgresql that would allow IDENT
authentification with DES encryption (as seen in the pidentd package
included with Redhat - not sure if same encryption is used by other
ident daemons). The code would allow for two types of IDENT
authentification:

ident - this is the same as before, accept now it will try to decrypt
username if IDENT response is surrounded in braces.
ident-des - this will only allow encrypted IDENT responses.

Keys will be kept in a file: $PG_DATA/pg_ident.key.

The code will probably also require that UID's on the client machine and
in postgresql all correspond. If not, a map could be used.

Does anyone have any suggestions about this? Has anyone done this?

David

Tom Lane

tgl@sss.pgh.pa.us

almost 24 years ago

In reply to: David M. Kaplan (#1)

Re: Adding encrypted identd authetification

"David M. Kaplan" <dmkaplan@ucdavis.edu> writes:

I am about to add code to postgresql that would allow IDENT
authentification with DES encryption (as seen in the pidentd package
included with Redhat - not sure if same encryption is used by other
ident daemons).

What's the point, exactly?

For local connections, you do not need encryption, and for remote
connections it's sheer folly to use IDENT anyway. So I'm having a
hard time identifying the space of applicability...

regards, tom lane