> No; passwords in this are held in clear (but pg_shadow is only visible
> to the superuser).
OK for the stored password (stored uncrypted in pg_shadow/pg_pwd, unreadable by
anybody).
> But the PGDATA directory itself has permissions rwx------, so only the
> postgres superuser can access any files under it. So, in fact, there is
> not a problem.
In my installation, though, /var/lib/pgsql is chmod 755, which makes it world
readable, but I don't know if it is due to PG 6.3.x installed with RH5.2, or various
upgrades I did (6.5?1, 6.5.2) with RPM files without deleting this directory.
> >* is there a mean to allow crypted password connection for just a known user
> > form a known host (like if I use the password+file scheme in the pg_hba
> >.conf file, with a password file for each registered user)
>
> You can restrict access to particular hosts in pg_hba.conf; but you are
> doing this already - perhaps I don't understand the question.
Using "host all 192.168.200.23 255.255.255.255 password
passwd.auch", I can set different password files, in order to let specific user
connect only from specific host.
The question was : is there a way, using the crypt type of authentication, to let only
**one** user connect from one host, and not **any** user listed in pg_shadow) from
this host ?
As the protocol between the client and the server first sends IP/user/database, it
should be good if the access control could check for all this stuff, and not only
IP/database, as the pg_hba.conf allows it.
Maybe this could be another TYPE of connection, along with "local" and "host" : let's
say "user", with the following definition :
TYPE DATABASE USER IP_ADDRESS MASK
USERAUTH MAP
user web_db nhuillard 192.168.200.21 255.255.255.255 crypt
TIA to all,
Nicolas Huillard
-----Message d'origine-----
De: Oliver Elphick [SMTP:[EMAIL PROTECTED]]
Date: mardi 12 octobre 1999 22:32
�: Nicolas Huillard
Cc: '[EMAIL PROTECTED]'
Objet: Re: [ADMIN] Secure connections to Postgres
Nicolas Huillard wrote:
>Hello,
>
>I am trying to setup a secure scheme for the database access, for my web ser
>vers, modifying pg_hda.conf.
>What I want is :
>* the connection from the http server is authenticated, from another host,
>* the connection is allowed with crypted password for the Postgres superuser
>, from well-known hosts
>* security for the local access is left to the other levels (telnet, rexec,
>etc) : no password required
>* some people must have access to specific databases on the server, with an
>ODBC connection
>
>I modified the pg_hba.conf file this way, but I cannot figure out the way cr
>ypted password work :
>* must I store crypted passwords in the pg_shadow table ?
No; passwords in this are held in clear (but pg_shadow is only visible
to the superuser).
>* is there a mean to allow crypted password connection for just a known user
> form a known host (like if I use the password+file scheme in the pg_hba
>.conf file, with a password file for each registered user)
You can restrict access to particular hosts in pg_hba.conf; but you are
doing this already - perhaps I don't understand the question.
>* is the psql program send encrypted passwords if needed ? (as I can test th
>e connections using it)
The use of crypt can only be specified in pg_hba.conf, which (I think)
applies only to network connections. (Is that right, anyone?)
>The active lines from pg_hba.conf file looks like :
>local all trust
>host all 192.168.200.23 255.255.255.255 password pass
>wd.auch
>host all 192.168.200.22 255.255.255.255 crypt
>
>With this file, I can connect from 192.168.200.22 to 192.168.200.23 (the dat
>abase resides on this machine), with "psql -h auch -u", typing the usern
>ame/password as stored in the pg_shadow table :
>
>nhuillard=> select * from pg_shadow;
>usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd |valuntil
>
>---------+--------+-----------+--------+--------+---------+-------+---------
>-------------------
>postgres | 40|t |t |t |t | |Sat Jan 3
>1 07:00:00 2037 CET
>nhuillard| 501|t |t |t |t |thepass|
>
>
>When I type the password "thepass", with the crypt security, I can access th
>e database. When I type the same password "thepass", with the password s
>ecurity, I also have access to the database. This would means that the p
>assword is stored uncrypted in pg_shadow, and limited to alphanum charac
>ters.
That is correct; crypt applies only to transmission, not to storage.
>The pg_shadow table is also written to the pg_pwd file in the PG_DATA direct
>ory, readable by everybody : this means that there is no security on my
>Postgres installation ! This file is updated and chmod 666 each time I c
>hange the password with "ALTER USER".
But the PGDATA directory itself has permissions rwx------, so only the
postgres superuser can access any files under it. So, in fact, there is
not a problem.
--
Vote against SPAM: http://www.politik-digital.de/spam/
========================================
Oliver Elphick [EMAIL PROTECTED]
Isle of Wight http://www.lfix.co.uk/oliver
PGP key from public servers; key ID 32B8FAA1
========================================
"Blessed is the man who makes the LORD his trust,
who does not look to the proud, to those who turn
aside to false gods." Psalms 40:4
************
************
