ident inconsistency

Started by Ron Peterson, over 23 years ago, 2 messages, general
#1 Ron Peterson
rpeterso@mtholyoke.edu

ident authentication appears to work inconsistently between debian
stable (7.2.1) and the 7.2.3 postgresql I installed from source on a Red
Hat 7.3 machine.

Debian doesn't require I run an ident server. My pg_hba.conf contains:

local all ident sameuser

On the installation I compiled myself, that doesn't work. Instead I
must run an ident server, and do:

host all 127.0.0.1 0.0.0.0 ident sameuser

...which doesn't work on Debian.

(Additionally, the RH7.3 pidentd RPM returns an encrypted response by
default. That needs to be turned off by editing /etc/pidentd.conf)

I know that at one time debian provided a 'peer' authentication
mechanism. I thought that had been absorbed in the main distribution,
and renamed 'ident' to prevent confusion.

Personally, I prefer Debian's operation. The only reason I'd use ident
authentication would be to authenticate on the local machine - in which
case running an ident server and connecting via localhost should be
unnecessary, no?

In any case, I think it would be nice if the config files worked in a
consistent fashion - either by adopting a single unified approach, or by
re-introducing the 'peer' keyword.

--
Ron Peterson -o)
Network & Systems Manager /\\
Mount Holyoke College _\_v
http://www.mtholyoke.edu/~rpeterso ----

#2 Bruno Wolff III
bruno@wolff.to
In reply to: Ron Peterson (#1)
Re: ident inconsistency

On Thu, Jan 02, 2003 at 23:49:43 -0500,
Ron Peterson <rpeterso@mtholyoke.edu> wrote:

> ident authentication appears to work inconsistently between debian
> stable (7.2.1) and the 7.2.3 postgresql I installed from source on a Red
> Hat 7.3 machine.
>
> Debian doesn't require I run an ident server. My pg_hba.conf contains:
>
> local all ident sameuser

The above uses domain sockets for connecting to the database and
getpeereuid is used to identify who is connecting.

> On the installation I compiled myself, that doesn't work. Instead I
> must run an ident server, and do:
>
> host all 127.0.0.1 0.0.0.0 ident sameuser

The above uses the loopback interface and an ident server to obtain
who is connecting.

Both forms should be usable on either system.
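
The difference between the two pg_hba.conf forms discussed in this thread, as an added example that is not part of either message and is not PostgreSQL's own code: over a Unix-domain socket the server can ask the kernel for the connecting process's credentials, so no ident server is involved. The sketch assumes Linux (SO_PEERCRED); the function names and the "sameuser" comparison are illustrative models, not the server's implementation.

```python
import os
import pwd
import socket
import struct

UCRED = "iII"  # Linux struct ucred: pid_t pid, uid_t uid, gid_t gid


def peer_credentials(sock):
    """Ask the kernel who is on the other end of a Unix-domain socket."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(UCRED))
    return struct.unpack(UCRED, raw)  # (pid, uid, gid)


def os_user_name(uid):
    """Map a uid to an account name; raises KeyError if there is none."""
    return pwd.getpwuid(uid).pw_name


def sameuser_check(sock, requested_db_user, lookup=os_user_name):
    """Model of 'local ... ident sameuser': returns (allowed, os_user).

    Access is allowed only when the OS account that owns the peer
    process has the same name as the database user being requested.
    """
    _pid, uid, _gid = peer_credentials(sock)
    try:
        os_user = lookup(uid)
    except KeyError:
        return False, None  # uid has no account name: reject
    return os_user == requested_db_user, os_user


if __name__ == "__main__":
    # socketpair() stands in for a client connecting to the server's socket.
    server_end, client_end = socket.socketpair(socket.AF_UNIX,
                                               socket.SOCK_STREAM)
    with server_end, client_end:
        pid, uid, gid = peer_credentials(server_end)
        print(f"kernel reports peer pid={pid} uid={uid} gid={gid}")
        try:
            me = os_user_name(uid)
        except KeyError:
            me = "unknown"
        # "someone_else" is a constructed name used to show a rejection.
        for db_user in (me, "someone_else"):
            print(db_user, "->", sameuser_check(server_end, db_user))
```

A TCP connection carries no such kernel-supplied credentials, which is why the `host ... ident` form has to query an ident server instead.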