Hey.
On Fri, 2016-08-19 at 09:50 +0200, Paul Gevers wrote:
> Would you agree with me, i.e. do you know the following to be true,
> that peer authentication requires Unix socket (localhost)

This, I think, is the case:
https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
peer says: "This is only available for local connections."

> and that Unix
> socket requires peer identification for PostgreSQL?

This is, I think, definitely not the case... at least "trust" and "reject" would work there as well, notice also that the socket is created as e.g.:

  srwxrwxrwx 1 postgres postgres 0 Aug 20 02:49 .s.PGSQL.5432

i.e. everyone can write/read.

I haven't checked whether the other postgres-protocol-level auth methods work with sockets, but I would imagine that things like "md5", "password", probably "pam"... etc. would.

> I tried the other day to have password authentication via the Unix
> socket, but that failed:
> root@sid:/# psql -U icinga234 -W
> Password for user icinga234:
> psql: FATAL: Peer authentication failed for user "icinga234"

hmm what was your pg_hba.conf looking like?
You should notice that postgres will IIRC always take the first possible matching rule in pg_hba.conf, so if you have:

  local all all peer
  local all all md5

it would always try peer.

> By the way, I see that PostgreSQL has a lot more authentication
> possibilities than when Sean invented dbconfig. I don't think I am
> going to support this on the short/mid term, but it may warrant improved
> messages here and there.

Well the problem is that supporting all these is probably quite difficult... OTOH, most of the others would be (IMO) much more beneficial than md5/password ;-)

Cheers,
Chris.
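The first-match behaviour discussed in the message above, as an added example that is not part of the original e-mail: a simplified evaluator for `local` records that reports which auth method a Unix-socket connection gets and which records are unreachable. The function names are hypothetical, the database name `icinga234` is assumed (psql defaults the database to the user name), and the reordered configuration is a constructed sample.

```python
# Simplified first-match evaluation of pg_hba.conf "local" (Unix-socket) records.
# Handles only "all" and comma-separated literal names; real files also allow
# sameuser, +role, @file and host records with addresses (not modelled here).

def parse_hba(text):
    """Return a list of (lineno, databases, users, method) for local records."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if fields[0] != "local" or len(fields) < 4:
            continue                           # host* records are out of scope
        records.append((lineno, fields[1].split(","),
                        fields[2].split(","), fields[3]))
    return records

def _matches(names, value):
    return "all" in names or value in names

def select_rule(records, database, user):
    """The first record matching database and user wins; no fall-through."""
    for lineno, dbs, users, method in records:
        if _matches(dbs, database) and _matches(users, user):
            return lineno, method
    return None   # no matching record: the connection is rejected

def shadowed(records):
    """Line numbers of records placed after an 'all all' record (unreachable)."""
    out, catch_all_seen = [], False
    for lineno, dbs, users, _method in records:
        if catch_all_seen:
            out.append(lineno)
        elif "all" in dbs and "all" in users:
            catch_all_seen = True
    return out

# Constructed samples: the ordering from the message, then a reordered variant.
AS_QUOTED = "local all all peer\nlocal all all md5\n"
REORDERED = "local all icinga234 md5\nlocal all all peer\n"

if __name__ == "__main__":
    for name, conf in (("as quoted", AS_QUOTED), ("reordered", REORDERED)):
        recs = parse_hba(conf)
        print(name, select_rule(recs, "icinga234", "icinga234"), shadowed(recs))
```

With the ordering from the message the md5 record is never reached, which matches the "Peer authentication failed" error even though a password was supplied.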