Nicolas Huillard wrote:
>Hello,
>
>I am trying to set up a secure scheme for the database access, for my web
>servers, modifying pg_hba.conf.
>What I want is :
>* the connection from the http server is authenticated, from another host,
>* the connection is allowed with crypted password for the Postgres
>  superuser, from well-known hosts
>* security for the local access is left to the other levels (telnet,
>  rexec, etc) : no password required
>* some people must have access to specific databases on the server, with
>  an ODBC connection
>
>I modified the pg_hba.conf file this way, but I cannot figure out the way
>crypted passwords work :
>* must I store crypted passwords in the pg_shadow table ?
No; passwords in this are held in clear (but pg_shadow is only visible
to the superuser).
>* is there a means to allow crypted password connection for just a known
>  user from a known host (like if I use the password+file scheme in the
>  pg_hba.conf file, with a password file for each registered user)
You can restrict access to particular hosts in pg_hba.conf; but you are
doing this already - perhaps I don't understand the question.
>* does the psql program send encrypted passwords if needed ? (as I can
>  test the connections using it)
The use of crypt can only be specified in pg_hba.conf, which (I think)
applies only to network connections. (Is that right, anyone?)
>The active lines from pg_hba.conf file look like :
>local all trust
>host all 192.168.200.23 255.255.255.255 password passwd.auch
>host all 192.168.200.22 255.255.255.255 crypt
>
>With this file, I can connect from 192.168.200.22 to 192.168.200.23 (the
>database resides on this machine), with "psql -h auch -u", typing the
>username/password as stored in the pg_shadow table :
>
>nhuillard=> select * from pg_shadow;
>usename  |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd |valuntil
>---------+--------+-----------+--------+--------+---------+-------+----------------------------
>postgres |      40|t          |t       |t       |t        |       |Sat Jan 31 07:00:00 2037 CET
>nhuillard|     501|t          |t       |t       |t        |thepass|
>
>
>When I type the password "thepass", with the crypt security, I can access
>the database. When I type the same password "thepass", with the password
>security, I also have access to the database. This would mean that the
>password is stored uncrypted in pg_shadow, and limited to alphanum
>characters.
That is correct; crypt applies only to transmission, not to storage.
>The pg_shadow table is also written to the pg_pwd file in the PG_DATA
>directory, readable by everybody : this means that there is no security on
>my Postgres installation ! This file is updated and chmod 666 each time I
>change the password with "ALTER USER".
But the PGDATA directory itself has permissions rwx------, so only the
postgres superuser can access any files under it. So, in fact, there is
not a problem.
--
Vote against SPAM: http://www.politik-digital.de/spam/
========================================
Oliver Elphick [EMAIL PROTECTED]
Isle of Wight http://www.lfix.co.uk/oliver
PGP key from public servers; key ID 32B8FAA1
========================================
"Blessed is the man who makes the LORD his trust,
who does not look to the proud, to those who turn
aside to false gods." Psalms 40:4
************
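
The point made in the last reply (a pg_pwd file that is chmod 666 is still shielded by a data directory with permissions rwx------) can be checked mechanically. The following is an added example, not part of the original e-mail; the function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Mode bits only: ACLs and group
# membership are ignored. Paths are assumed absolute.

# other_bits PATH: print the three "other" permission characters, e.g. "rw-"
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# others_can_read FILE STOP_DIR: succeed only if FILE has o+r and every
# directory from FILE's parent up to and including STOP_DIR has o+x (search).
others_can_read() {
    file=$1
    stop=$2
    case $(other_bits "$file") in
        r??) ;;
        *) return 1 ;;
    esac
    dir=$(dirname "$file")
    while :; do
        case $(other_bits "$dir") in
            ??x|??t) ;;        # others may traverse this directory
            *) return 1 ;;     # a closed directory hides everything below it
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            return 0
        fi
        dir=$(dirname "$dir")
    done
}

# Constructed layout mirroring the thread: data directory rwx------,
# pg_pwd inside it chmod 666.
demo() {
    base=$(mktemp -d) && chmod 755 "$base"
    mkdir "$base/data" && chmod 700 "$base/data"
    : > "$base/data/pg_pwd" && chmod 666 "$base/data/pg_pwd"
    for mode in 700 755; do
        chmod "$mode" "$base/data"
        if others_can_read "$base/data/pg_pwd" "$base"; then
            echo "data dir $mode: pg_pwd readable by others"
        else
            echo "data dir $mode: pg_pwd not reachable by others"
        fi
    done
    rm -rf "$base"
}
demo
```

Running it against a real installation means calling `others_can_read` with the actual pg_pwd path and `/` as the stop directory.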