Re: Paul Gevers 2016-08-23 <08bfe08d-1fb9-c8cc-9a35-1f309dce1...@debian.org> > Hi Christoph(s),
:) > > simple mode: assume a default config cluster, i.e. OS user "postgres", > > database user "postgres", unix socket in /var/run/postgresql/. > > Sure, this works for setting up things and is what is being done, but > most programs will not be the postgres user when connecting (and mapping > to postgres also sounds like a bad idea). So the simple mode has to > still set things up correctly for the final (system) user. Currently it > uses TCP/IP and password authentication as default because (quoting the > template): "typically the system username doesn't match the database > username". It seems this default works OK(ish). I haven't seen complains > on this front yet. Oh right, I was only thinking about the initial connection for creating that user. (Though I guess if you create that user yourself, you don't need to prompt for anything in the "simple and fast" mode.) > > If you unconditionally run the database commands as OS user > > "postgres", you don't even need to prompt the user for that variable. > > On local systems, postgres it detected and used (by default). However, I > need the prompt because the database may be on a different host. Or do > you mean to say that even for remote connections, I could just make the > connection as postgres user. How about (yes unsafe) ident authentication? IMHO forget about "ident" please, I haven't seen anyone use that since the 90ies (and that was for IRC back then). The local OS user shouldn't matter for remote connections. Christoph
