RE: [GENERAL] Another access control query

You can add a filename to the "password" keyword. Thsi filename contains the username/crypted password of the users you
wantto be able to connect from the servip to the dbX. 
The lines in pg_hba looks like :
host    bd1    serverip1 netmask    password    password.username1
host    bd2    serverip2 netmask    password    password.username2

You can create the "password.*" files using the pg_passwd command.
This way, passwords are stored in files rather than in the pg_shadow table, and you cannot use the "crypt" authmode.
It seems that ODBC access from remote workstations can't use the crypt authmode, so it is not a real problem. Can
someonetell me if it's true ? 
Second problem : you must set the suer password in both the pg_shadow table (using psql), and the passwd.* files (using
pg_passwd).

Yours,

Nicolas Huillard

-----Message d'origine-----
De:    Mark Jewiss [SMTP:Mark.Jewiss@knowledge.com]
Date:    jeudi 14 octobre 1999 16:50
À:    pgsql-general@postgreSQL.org
Objet:    [GENERAL] Another access control query

Hello,

Similar to other questions I've seen posed in the last day or so,
apologies if this exact question has been asked, I don't think it has.

I want to restrict access to a set of databases to connections from a
specfic machine and a specific user.

Lines in my pg_hba.conf file are similar to this:

host    db1    serverip    netmask    password

Effectively what I want to do is have something like:

host    db1    username1    serverip    netmask    password
host    db2    username2    serverip    netmask    password

thereby ensuring that it is not possible for user2 to connect to db1 from
the same machine.

I know I can set up the different db's so that table security only gives
any access to the user I want, but that is fiddly. Being able to do the
above and prevent connections to the database will resolve that issue.

Any ideas?

Regards,

Mark.
--
Mark Jewiss
Knowledge Matters Limited
http://www.knowledge.com



************