Обсуждение: Bypassing authentication
Is there a way to have psql bypass authentication as joe if the system user running psql is postgres, the way su doesn't ask for password if you are root ? sudo -u postgres psql -l # psql doesn't ask for a password sudo -u postgres psql -u joe -l # psql asks for joe's password joe is just a PostgreSQL role with no system counterpart so the "local all all ident sameuser" catch-all in pg_hba.conf is of no help here. Thanks in advance. -- André Majorel http://www.teaser.fr/~amajorel/
Andre Majorel <aym-2lqsgp@teaser.fr> writes: > Is there a way to have psql bypass authentication as joe if the > system user running psql is postgres, the way su doesn't ask for > password if you are root ? Not per se, but you could set up an ident map that says postgres is allowed to log in as joe (and anybody else he needs to log in as). I think 9.0 will have some wildcard ability in ident maps, which'd save you from having to list a lot of roles in the map; but IIRC there is none in existing releases. regards, tom lane
On 2010-07-08 16:42 -0400, Tom Lane wrote: > Andre Majorel <aym-2lqsgp@teaser.fr> writes: > > Is there a way to have psql bypass authentication as joe if the > > system user running psql is postgres, the way su doesn't ask for > > password if you are root ? > > Not per se, but you could set up an ident map that says postgres > is allowed to log in as joe (and anybody else he needs to log in as). > > I think 9.0 will have some wildcard ability in ident maps, which'd > save you from having to list a lot of roles in the map; but IIRC > there is none in existing releases. Mmm... In an installation procedure, the less mucking about with pg_hba.conf, the better. A method that seems to work for me is to authenticate as a superuser and *then* become joe with SET ROLE : $ sudo -u postgres psql -At -c "SET ROLE 'joe'; SHOW IS_SUPERUSER;" off Thank you. -- André Majorel http://www.teaser.fr/~amajorel/
Andre Majorel wrote: > Is there a way to have psql bypass authentication as joe if the > system user running psql is postgres, the way su doesn't ask for > password if you are root ? > > sudo -u postgres psql -l # psql doesn't ask for a password > sudo -u postgres psql -u joe -l # psql asks for joe's password > > joe is just a PostgreSQL role with no system counterpart so the > "local all all ident sameuser" catch-all in pg_hba.conf is of no > help here. > > Thanks in advance. > In the home directory of user postgres create a .pgpass file localhost:*:*:joe:joepswd