Bug#321708: postgresql: provide better default authentication schemes

Sat, 06 Aug 2005 20:39:27 -0700 

Package: postgresql
Severity: wishlist

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi martin,

we've recently been having a lot of discussions on the
dbconfig-common-devel mailing list, and something that recently
came up was the default contents of pg_hba.conf.

currently, i believe that postgres defaults to using 'ident sameuser'
for all connections.  instead of doing so, it would be nice if
it had something like the following:

local   all     all                     ident sameuser
host    all     all     127.0.0.1       255.255.255.255 md5
# uncomment this to allow any remote computers to connect using passwords
#host   all     all     0.0.0.0 0.0.0.0 md5

so that local socket-based connections could use ident, but
remote connections defaulted to using passwords instead of the
insecure ident protocol.

what do you think?

        sean

- -- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages postgresql depends on:
ii  adduser          3.52                    Add and remove users and groups
ii  debconf          1.4.22                  Debian configuration management sy
ii  debianutils      2.8.1                   Miscellaneous utilities specific t
ii  libc6            2.3.2.ds1-22            GNU C Library: Shared libraries an
ii  libcomerr1-kerbe 1.2.2-3                 ComErr Libraries for Kerberos4 Fro
ii  libkrb5-17-heimd 0.6.1-1                 Libraries for Heimdal Kerberos
ii  libpam0g         0.76-19                 Pluggable Authentication Modules l
ii  libpq3           7.4.2-3                 Shared library libpq.so.3 for Post
ii  libreadline4     4.3-10                  GNU readline and history libraries
ii  libssl0.9.7      0.9.7d-1                SSL shared libraries
ii  mailx            1:8.1.2-0.20031014cvs-2 A simple mail user agent
pn  postgresql-clien                         Not found.
ii  python2.2        2.2.3dfsg-1             An interactive high-level object-o
ii  zlib1g           1:1.2.2-3               compression library - runtime

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC9X+2ynjLPm522B0RAgcUAJ0XB7w63XwEwCK4QQ4Q3MQBlN+HVgCeIoXm
evnb7soaI9WPxpsBieLKmsE=
=bou0
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to