On Monday 12 July 2004 17:10, Merlin Moncure wrote: > IMO, forcing su password at initdb time (allowing blank password with a > very stern warning) and bumping localhost to auth is the right way to > go. As far as RPM's, etc. I don't think RPM considerations should be > driving security concerns.
FWIW, the RPMs default to ident authentication, and trust is off. This is however done as a patch to the sample pg_hba.conf. A command line switch to initdb to mung up an ident default would be fine with me, though. -- Lamar Owen Director of Information Technology Pisgah Astronomical Research Institute 1 PARI Drive Rosman, NC 28772 (828)862-5554 www.pari.edu ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly