Garick Hamlin wrote:
I have a patch that I have been using to support postgresql's
notion of ident authentication when using unix domain sockets on
Solaris. This patch basically just adds support for using
getupeercred() on Solaris so unix sockets and ident auth works just
like it does
Garick Hamlin wrote:
> On Thu, Jul 03, 2008 at 02:01:22PM -0400, Tom Lane wrote:
> > Garick Hamlin <[EMAIL PROTECTED]> writes:
> > > I have a patch that I have been using to support postgresql's
> > > notion of ident authentication when using unix domain sockets on
> > > Solaris. This patch
Florian,
I'd be *very* interested in how they come to that assessment. I'd have
thought that the only alternative to getpeereid/getupeercred is
password-based or certificate-based authenticated - which seem *less*
secure because a) they also rely on the client having the correct uid
or gid (to r
Josh Berkus wrote:
Tom,
Indeed. If the Solaris folk feel that getupeercred() is insecure,
they had better explain why their kernel is that broken. This is
entirely unrelated to the known shortcomings of the "ident" IP
protocol.
The Solaris security & kernel folks do, actually. However,
Josh Berkus wrote:
Tom,
Indeed. If the Solaris folk feel that getupeercred() is insecure,
they had better explain why their kernel is that broken. This is
entirely unrelated to the known shortcomings of the "ident" IP
protocol.
The Solaris security & kernel folks do, actually. Ho
Tom,
> Indeed. If the Solaris folk feel that getupeercred() is insecure,
> they had better explain why their kernel is that broken. This is
> entirely unrelated to the known shortcomings of the "ident" IP
> protocol.
The Solaris security & kernel folks do, actually. However, there's no
questi
Andrew Dunstan <[EMAIL PROTECTED]> writes:
> Robert Treat wrote:
>> Hmm... I've always been told that Solaris didn't support this because the
>> Solaris developers feel that IDENT is inherently insecure.
> We don't actually use the Ident protocol for Unix sockets on any
> platform.
Indeed. If
Robert Treat wrote:
On Thursday 03 July 2008 14:01:22 Tom Lane wrote:
Garick Hamlin <[EMAIL PROTECTED]> writes:
I have a patch that I have been using to support postgresql's
notion of ident authentication when using unix domain sockets on
Solaris. This patch basically just ad
On Thursday 03 July 2008 14:01:22 Tom Lane wrote:
> Garick Hamlin <[EMAIL PROTECTED]> writes:
> > I have a patch that I have been using to support postgresql's
> > notion of ident authentication when using unix domain sockets on
> > Solaris. This patch basically just adds support for using
> >
On Thu, Jul 03, 2008 at 02:01:22PM -0400, Tom Lane wrote:
> Garick Hamlin <[EMAIL PROTECTED]> writes:
> > I have a patch that I have been using to support postgresql's
> > notion of ident authentication when using unix domain sockets on
> > Solaris. This patch basically just adds support for
Garick Hamlin <[EMAIL PROTECTED]> writes:
> I have a patch that I have been using to support postgresql's
> notion of ident authentication when using unix domain sockets on
> Solaris. This patch basically just adds support for using
> getupeercred() on Solaris so unix sockets and ident auth
Hi,
I have a patch that I have been using to support postgresql's
notion of ident authentication when using unix domain sockets on
Solaris. This patch basically just adds support for using
getupeercred() on Solaris so unix sockets and ident auth works just
like it does on Linux and elsewh
12 matches
Mail list logo
