pg_hba.conf authorization question

Started by Reid Thompson over 23 years ago | 3 messages | general
#1Reid Thompson
Reid.Thompson@ateb.com

Could someone give me guidance on the following.
I would like to configure the DB such that connections will only be
allowed to users created using createuser verified by the password that
was set during the createuser process. The user and password do NOT
correlate to system users (Linux host). Connections will be both local
and TCP based.
Rather than the open to everyone entries that I have in pg_hba.conf
below, what should the entries look like under

# TYPE  DATABASE  IP_ADDRESS     MASK             AUTH_TYPE  AUTH_ARGUMENT
local   all                                       trust
host    all       127.0.0.1      255.255.255.255  trust
host    all       192.168.100.0  255.255.255.0    trust

Thanks,
reid

#2Thomas Beutin
tyrone@laokoon.IN-Berlin.DE
In reply to: Reid Thompson (#1)
Re: pg_hba.conf authorization question

On Fri, Dec 13, 2002 at 11:25:00AM -0500, Reid Thompson wrote:

> Could someone give me guidance on the following.
> I would like to configure the DB such that connections will only be
> allowed to users created using createuser verified by the password that
> was set during the createuser process. The user and password do NOT
> correlate to system users (Linux host). Connections will be both local
> and TCP based.
> Rather than the open to everyone entries that I have in pg_hba.conf
> below, what should the entries look like under
>
> # TYPE  DATABASE  IP_ADDRESS     MASK             AUTH_TYPE  AUTH_ARGUMENT
> local   all                                       trust
> host    all       127.0.0.1      255.255.255.255  trust
> host    all       192.168.100.0  255.255.255.0    trust

AFAIK the AUTH_TYPE "trust" doesn't look for a password but lets the
user connect. IMHO the AUTH_TYPE "md5" compares the given password
with that stored in pg_shadow.
But I've never tried...

Greetings,
-tb
--
Thomas Beutin tb@laokoon.IN-Berlin.DE
Beam me up, Scotty. There is no intelligent life down in Redmond.

#3Çağıl Şeker
cagils@biznet.com.tr
In reply to: Thomas Beutin (#2)
Re: pg_hba.conf authorization question

Either md5 or password will work. But I'd recommend md5 for security reasons. That will send passwords using encryption (double). Also note that in order for this to work, every user must have a password set in pg_shadow. Also set security = true in postgresql.conf. And use the "alter user 'myuser' set encrypted password 'password'" command to set passwords.

# TYPE  DATABASE  IP_ADDRESS     MASK             AUTH_TYPE  AUTH_ARGUMENT
local   all                                       md5
host    all       127.0.0.1      255.255.255.255  md5
host    all       192.168.100.0  255.255.255.0    md5

Regards,

Çagil SEKER
-----------------
"Yes, I am a criminal. My crime is that of outsmarting you. Something that you'll never forgive me for!" - The Mentor'86 (Hacker's Manifesto)
-----------------

-----Original Message-----
From: Reid Thompson [mailto:Reid.Thompson@ateb.com]
Sent: Friday, 13 December 2002 18:25
To: pgsql-general@postgresql.org
Subject: [GENERAL] pg_hba.conf authorization question

Could someone give me guidance on the following.
I would like to configure the DB such that connections will only be allowed to users created using createuser verified by the password that was set during the createuser process. The user and password do NOT correlate to system users (Linux host). Connections will be both local and TCP based.
Rather than the open to everyone entries that I have in pg_hba.conf below, what should the entries look like under

# TYPE  DATABASE  IP_ADDRESS     MASK             AUTH_TYPE  AUTH_ARGUMENT
local   all                                       trust
host    all       127.0.0.1      255.255.255.255  trust
host    all       192.168.100.0  255.255.255.0    trust

Thanks,
reid
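
As an added example (not part of the thread and not PostgreSQL's own code), this Python check reads a pg_hba.conf in the legacy column layout shown above and reports every entry that uses trust or password, together with the address range that entry opens. The function name audit_hba is hypothetical, and the two 10.1.x.0 lines in the sample are constructed; the first three entries are the ones from the original question.

```python
import ipaddress

# Sample file: the thread's three "trust" entries plus two constructed
# lines, in the legacy layout used on this page (no USER column).
SAMPLE = """\
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
local all trust
host all 127.0.0.1 255.255.255.255 trust
host all 192.168.100.0 255.255.255.0 trust
host all 10.1.2.0 255.255.255.0 password   # constructed
host all 10.1.3.0 255.255.255.0 md5        # constructed
"""

# Methods that do not meet the goal stated in the thread, and why.
WEAK = {
    "trust": "no password check; anyone who can reach this entry connects",
    "password": "password crosses the wire in clear text; use md5",
}

def audit_hba(text):
    """Return (line_no, scope, method, reason) for each weak or odd entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment-only line
        try:
            if fields[0] == "local":
                scope, method = "unix socket", fields[2]
            elif fields[0] == "host":
                net = ipaddress.ip_network(f"{fields[2]}/{fields[3]}", strict=False)
                scope, method = f"{net} ({net.num_addresses} addresses)", fields[4]
            else:
                raise ValueError(fields[0])
        except (IndexError, ValueError):
            # e.g. a wrapped header line such as a bare "AUTH_ARGUMENT"
            findings.append((no, raw.strip(), None, "unparseable entry; review by hand"))
            continue
        if method in WEAK:
            findings.append((no, scope, method, WEAK[method]))
    return findings

if __name__ == "__main__":
    for no, scope, method, reason in audit_hba(SAMPLE):
        print(f"line {no}: {scope}: {method}: {reason}")
```

On PostgreSQL 10 and later, scram-sha-256 supersedes md5 as the password method.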