2018-07-13 9:01 GMT-03:00 Guillaume Lelarge <guilla...@lelarge.info>:
> 2018-07-13 13:57 GMT+02:00 <kpi6...@gmail.com>: > >> I’d like to disable the TRUST authentication method for certain servers >> where modification of pg_hba.conf and restarting a service is fairly easy >> for a number of users. >> >> >> >> I looked at this example https://wiki.postgresql.org/im >> ages/e/e3/Hooks_in_postgresql.pdf It appears that creating a >> ClientAuthentication_hook and call ereport(ERROR) in case that >> Port->HbaLine contains TRUST would do the job. Is that right? >> >> >> >> I am aware that this would not make the server entirely secure but it >> would make it at least a bit more difficult to enter. >> >> >> > > I'm not sure this is such a good idea. You may need the trust > authentication method, for example if you forgot the superuser password. > Otherwise, there's good chance you might use the ClientAuthentication hook > to do what you want. > > > If you're an server admin you can disable the extension (editing shared_pre_load_libraries GUC), change password and then enable the extension again... And maybe you can implement a simple way to enable/disable this hook inside the extension. Regards, -- Fabrízio de Royes Mello Timbira - http://www.timbira.com.br/ PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento
