Re: Permissions

Thanks again for responding. :)

The solution that you posted would appear to be what I am looking for.
However IIRC, I think I tried that.  I logged into the unix account
'heath' and I did a psql -u and typed in 'postgres' at the user prompt.
It believed me and let right on in.  I kept on looking because I didn't
like the idea of anyone who had a unix account, regardless how trivial,
having what amounted to root access to the rmdbs.

Under the circumstances, I believe that would be the best option though.

Your help is much appreciated...


Heath Johns



On Tue, Feb 27, 2001 at 06:08:04PM -0500, Tom Lane wrote:
> Heath Johns <public@elesi.org> writes:
> > First off, thank you for your reply.  I have an additional problem
> > however.  I have many stunnels (ssh like tcp tunnels) coming into this
> > box that communicate with pgsql, all of which I need to password
> > authenticate. They obviously only work on tcp sockets.  If I were to
> > ident them, it would surely come back with the owner of the stunnel.
> > Also, these tunnels map an external port to localhost, so I cannot do
> > host based authentication.
>
> Okay, that is a little bit messy.
>
> > I would be more than happy if the situation were reversed, with unix
> > users not requiring a password, and all tcp connections being password
> > authenticated (which would seem to me the more logical arangement).
> > Unfortunately, there appears to be no way to do this.
>
> Um, the users coming in through stunnels must reach the postmaster via
> TCP, no?  Or are they first logging into local shells and then running
> psql locally?  If they do use TCP connections then it seems like
>
>     local    all trust
>     host    all 127.0.0.1 255.255.255.255 password
>
> will do what you just said.  The local users just have to be careful
> not to set PGHOST ...
>
>             regards, tom lane