Re: Permissions
От | Heath Johns |
---|---|
Тема | Re: Permissions |
Дата | |
Msg-id | 20010227184355.D54925@elesi.org обсуждение исходный текст |
Ответ на | Re: Permissions (Tom Lane <tgl@sss.pgh.pa.us>) |
Список | pgsql-novice |
Thanks again for responding. :) The solution that you posted would appear to be what I am looking for. However IIRC, I think I tried that. I logged into the unix account 'heath' and I did a psql -u and typed in 'postgres' at the user prompt. It believed me and let right on in. I kept on looking because I didn't like the idea of anyone who had a unix account, regardless how trivial, having what amounted to root access to the rmdbs. Under the circumstances, I believe that would be the best option though. Your help is much appreciated... Heath Johns On Tue, Feb 27, 2001 at 06:08:04PM -0500, Tom Lane wrote: > Heath Johns <public@elesi.org> writes: > > First off, thank you for your reply. I have an additional problem > > however. I have many stunnels (ssh like tcp tunnels) coming into this > > box that communicate with pgsql, all of which I need to password > > authenticate. They obviously only work on tcp sockets. If I were to > > ident them, it would surely come back with the owner of the stunnel. > > Also, these tunnels map an external port to localhost, so I cannot do > > host based authentication. > > Okay, that is a little bit messy. > > > I would be more than happy if the situation were reversed, with unix > > users not requiring a password, and all tcp connections being password > > authenticated (which would seem to me the more logical arangement). > > Unfortunately, there appears to be no way to do this. > > Um, the users coming in through stunnels must reach the postmaster via > TCP, no? Or are they first logging into local shells and then running > psql locally? If they do use TCP connections then it seems like > > local all trust > host all 127.0.0.1 255.255.255.255 password > > will do what you just said. The local users just have to be careful > not to set PGHOST ... > > regards, tom lane
В списке pgsql-novice по дате отправления: