superuser authentication?

From: woger151
Subject: superuser authentication?
Date:
Msg-id 002801c72f40$ae1f5590$6501a8c0@apollosjf
Responses: Re: superuser authentication?  (Tom Lane <tgl@sss.pgh.pa.us>)
List: pgsql-general
I'm setting up postgresql (8.1) on what I hope to be a very secure server
(SUSE Linux 10.1).

Only authentication allowed by anyone is 'local' (unix-domain sockets).

Most users I plan on authenticating by PASSWORD (web connections are made to
an apache webserver over SSL; the actual postgresql connections are
themselves all local via pg_connect).

What I'm not sure about is how to authenticate the postgresql superuser
(user 'postgres' on my system).  I'm considering:

1.  Using ident (supposedly secure because of the SO_PEERCRED mechanism; and
I've made a lot of effort to secure the server at the OS level)
2.  Using password (_not_ stored on disk in e.g. pgpass)
3.  Using reject

My questions:
* Is 3 overly paranoid in the context of a production server?
* Would 2 or 3 hobble some kind of daemons?  (A cursory search led me to
think that maybe pg_autovacuum wouldn't work, and I'm not sure if there are
other such daemons.)
* If the choice came down to 1 vs 2, is there much argument for one over the
other in terms of security?  (I realize that there might not be a clear
answer to that.)

TIA
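
An added example, not part of the original post: pg_hba.conf is read top to bottom and the first record matching connection type, database and user decides the method, so the three options in the message differ only in the record written for `postgres` and where it sits. The sketch below resolves that method over constructed sample files; `parse_hba`, `local_method` and the database name `webdb` are hypothetical, and `+role` / `@file` entries are assumed not to be in use.

```python
# Added example: which pg_hba.conf record decides a local (unix-socket) login?
# Assumption: fields are "all", "sameuser" or comma-separated names; +role and
# @file entries are not expanded. Sample files below are constructed.

def parse_hba(text):
    """Return records as field lists, skipping comments and blank lines."""
    records = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            records.append(line.split())
    return records

def _matches(field, name, user=None):
    for item in field.split(","):
        if item in ("all", name):
            return True
        if item == "sameuser" and name == user:  # database field only
            return True
    return False

def local_method(records, database, user):
    """First matching 'local' record wins; None means no record, login refused."""
    for rec in records:
        if len(rec) >= 4 and rec[0] == "local":
            if _matches(rec[1], database, user) and _matches(rec[2], user):
                return rec[3]
    return None

OPTION_1 = "local all postgres ident sameuser\nlocal all all password\n"
OPTION_2 = "local all all password\n"
OPTION_3 = "local all postgres reject\nlocal all all password\n"
# Catch-all first: the reject line is never reached for postgres.
MISORDERED = "local all all password\nlocal all postgres reject\n"

if __name__ == "__main__":
    for label, conf in [("1", OPTION_1), ("2", OPTION_2), ("3", OPTION_3),
                        ("misordered", MISORDERED)]:
        print(label, local_method(parse_hba(conf), "webdb", "postgres"))
```

Running the same resolution against the live file after every edit catches the misordered case, where a catch-all record placed above the superuser record silently takes precedence.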

