Обсуждение: The easiest and robust way of configuring password pass through mechanism..
Hi,
I am aware of now almost all the authentication mechanisms that PostGreSQL supports. My basic requirement is to don't ask for password (allowed users in pg_hba file) when user connects to the server. What could be the easiest and robust method to configure this? I am looking for passing through the password so that users need not to enter it everytime they connects.
Thanks,
Dipti
I am aware of now almost all the authentication mechanisms that PostGreSQL supports. My basic requirement is to don't ask for password (allowed users in pg_hba file) when user connects to the server. What could be the easiest and robust method to configure this? I am looking for passing through the password so that users need not to enter it everytime they connects.
Thanks,
Dipti
Re: The easiest and robust way of configuring password pass through mechanism..
От
John R Pierce
Дата:
dipti shah wrote:
> Hi,
>
> I am aware of now almost all the authentication mechanisms that
> PostGreSQL supports. My basic requirement is to don't ask for password
> (allowed users in pg_hba file) when user connects to the server. What
> could be the easiest and robust method to configure this? I am looking
> for passing through the password so that users need not to enter it
> everytime they connects.
are your users on the same computer as the database server, and
connecting via unix socket as their unix account only? if so,
LOCAL ALL ALL IDENT SAMEUSER
(leave out SAMEUSER on 8.4, its implied with IDENT). this relies on
unix authentication, and unix user joe will only be able to connect as
database user joe.
or, if the users are connecting via tcp/ip from specific hosts, and you
can trust all users on those hosts
HOST ALL someusername some.ip.addr TRUST
or... if your users are always connecting via libpq. you can use
$HOME/.pgpasswd per
http://www.postgresql.org/docs/current/static/libpq-pgpass.html to
specify passwords, when you do this, the application programs won't need
to supply them. I don't know if this works with clients like JDBC,
however.
finally, you can use ssl client certificates, this is the most complex
to setup, see http://www.postgresql.org/docs/current/static/libpq-ssl.html
Thanks John for reply. Users can connect to database server in either way(from same computer or remote).
Currently by default all users are able to connect to database as pg_hba file has been configured to TRUST for all users.
I am planning to remove these all users and want only specific groups and users to connect to database server. I haven't configured the server so I don't know from where to start.
Thanks,
Dipti
On Mon, Feb 15, 2010 at 12:21 AM, John R Pierce <pierce@hogranch.com> wrote:
dipti shah wrote:are your users on the same computer as the database server, and connecting via unix socket as their unix account only? if so,Hi,
I am aware of now almost all the authentication mechanisms that PostGreSQL supports. My basic requirement is to don't ask for password (allowed users in pg_hba file) when user connects to the server. What could be the easiest and robust method to configure this? I am looking for passing through the password so that users need not to enter it everytime they connects.
LOCAL ALL ALL IDENT SAMEUSER
(leave out SAMEUSER on 8.4, its implied with IDENT). this relies on unix authentication, and unix user joe will only be able to connect as database user joe.
or, if the users are connecting via tcp/ip from specific hosts, and you can trust all users on those hosts
HOST ALL someusername some.ip.addr TRUST
or... if your users are always connecting via libpq. you can use $HOME/.pgpasswd per http://www.postgresql.org/docs/current/static/libpq-pgpass.html to specify passwords, when you do this, the application programs won't need to supply them. I don't know if this works with clients like JDBC, however.
finally, you can use ssl client certificates, this is the most complex to setup, see http://www.postgresql.org/docs/current/static/libpq-ssl.html
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general