Thanks again for responding. :)
The solution that you posted would appear to be what I am looking for.
However IIRC, I think I tried that. I logged into the unix account
'heath' and I did a psql -u and typed in 'postgres' at the user prompt.
It believed me and let right on in. I kept on looking because I didn't
like the idea of anyone who had a unix account, regardless how trivial,
having what amounted to root access to the rmdbs.
Under the circumstances, I believe that would be the best option though.
Your help is much appreciated...
Heath Johns
On Tue, Feb 27, 2001 at 06:08:04PM -0500, Tom Lane wrote:
> Heath Johns <public@elesi.org> writes:
> > First off, thank you for your reply. I have an additional problem
> > however. I have many stunnels (ssh like tcp tunnels) coming into this
> > box that communicate with pgsql, all of which I need to password
> > authenticate. They obviously only work on tcp sockets. If I were to
> > ident them, it would surely come back with the owner of the stunnel.
> > Also, these tunnels map an external port to localhost, so I cannot do
> > host based authentication.
>
> Okay, that is a little bit messy.
>
> > I would be more than happy if the situation were reversed, with unix
> > users not requiring a password, and all tcp connections being password
> > authenticated (which would seem to me the more logical arangement).
> > Unfortunately, there appears to be no way to do this.
>
> Um, the users coming in through stunnels must reach the postmaster via
> TCP, no? Or are they first logging into local shells and then running
> psql locally? If they do use TCP connections then it seems like
>
> local all trust
> host all 127.0.0.1 255.255.255.255 password
>
> will do what you just said. The local users just have to be careful
> not to set PGHOST ...
>
> regards, tom lane