"Mark Mielke" <mark@mark.mielke.cc> writes:
> UNIX socket kernel credential passing was mentioned in an earlier post, but I
> didn't see it raised again.
I mentioned getsockopt(SO_PEERCRED) which isn't the same as credential
passing. It just tells you what uid is on the other end of your unix domain
socket.
I think it's much more widespread and portable than credential passing which
was a BSD feature which allowed you to send along your kernel credentials to
another process. So you could, for example, open a file in psql then pass the
file descriptor to the backend to have the backend read directly from the
file.
-- Gregory Stark EnterpriseDB http://www.enterprisedb.com Ask me about EnterpriseDB's RemoteDBA services!