Обсуждение: RE: [GENERAL] Another access control query
You can add a filename to the "password" keyword. Thsi filename contains the username/crypted password of the users you wantto be able to connect from the servip to the dbX. The lines in pg_hba looks like : host bd1 serverip1 netmask password password.username1 host bd2 serverip2 netmask password password.username2 You can create the "password.*" files using the pg_passwd command. This way, passwords are stored in files rather than in the pg_shadow table, and you cannot use the "crypt" authmode. It seems that ODBC access from remote workstations can't use the crypt authmode, so it is not a real problem. Can someonetell me if it's true ? Second problem : you must set the suer password in both the pg_shadow table (using psql), and the passwd.* files (using pg_passwd). Yours, Nicolas Huillard -----Message d'origine----- De: Mark Jewiss [SMTP:Mark.Jewiss@knowledge.com] Date: jeudi 14 octobre 1999 16:50 À: pgsql-general@postgreSQL.org Objet: [GENERAL] Another access control query Hello, Similar to other questions I've seen posed in the last day or so, apologies if this exact question has been asked, I don't think it has. I want to restrict access to a set of databases to connections from a specfic machine and a specific user. Lines in my pg_hba.conf file are similar to this: host db1 serverip netmask password Effectively what I want to do is have something like: host db1 username1 serverip netmask password host db2 username2 serverip netmask password thereby ensuring that it is not possible for user2 to connect to db1 from the same machine. I know I can set up the different db's so that table security only gives any access to the user I want, but that is fiddly. Being able to do the above and prevent connections to the database will resolve that issue. Any ideas? Regards, Mark. -- Mark Jewiss Knowledge Matters Limited http://www.knowledge.com ************
Hello, On Thu, 14 Oct 1999, Nicolas Huillard wrote: > You can add a filename to the "password" keyword. Thsi filename contains the username/crypted password of the users youwant to be able to connect from the servip to the dbX. > The lines in pg_hba looks like : > host bd1 serverip1 netmask password password.username1 > host bd2 serverip2 netmask password password.username2 This is pretty cool, thanks for pointing it out. Does the documentation still need doing for this, or is my set out of date? Also, can you specify a path to the password file? I've tried this, but can't get it to work, so am assuming not, and that it has to be in the same directory as the pg_hba.conf file, but just want to check. Regards, Mark. -- Mark Jewiss Knowledge Matters Limited http://www.knowledge.com