-
From: Bruce Momjian [mailto:[EMAIL PROTECTED]
Sent: den 17 juli 2004 03:11
To: Magnus Hagander
Cc: [EMAIL PROTECTED]
Subject: Re: [PATCHES] initdb authentication
I got a new idea on this. I think we should add an initdb option that
takes a string to specify the local authentication
Ok, here is another one.
Doc patches coming up if/when this one is approved.
//Magnus
+ /* Kerberos methods not listed because they are not supported
+* over local connections and are rejected in hba.c */
Is this true of all local connections, or only Unix socket
Peter Eisentraut wrote:
Magnus Hagander wrote:
Ok, here is another one.
Doc patches coming up if/when this one is approved.
I think this warning is seriously going to annoy me. Can we do without
it?
What if we skip the warning if the user specifically asks for 'trust'?
Would that
This one makes it mandatory to pick some kind of
authentication. If
that's not wanted, it's easy to change it to default to
trust (which
I think is wrong, but we've been through that already..)
I don't think I like any of this. Sooner rather than later, people
need to look
Here's a version of this patch that includes documentation updates.
//Magnus
-Original Message-
From: Magnus Hagander
Sent: den 15 juli 2004 23:02
To: [EMAIL PROTECTED]
Subject: [PATCHES] initdb authentication
Ok, here is one more try at the initdb default authentication stuff
.
---
Magnus Hagander wrote:
Here's a version of this patch that includes documentation updates.
//Magnus
-Original Message-
From: Magnus Hagander
Sent: den 15 juli 2004 23:02
To: [EMAIL PROTECTED]
Subject: [PATCHES] initdb authentication
Ok, here is one more
Ok, here is one more try at the initdb default authentication stuff.
This one adds the switches --ident and --trust, which will configure
pg_hba.conf with ident and trust authentication respectively. If trust
authentication is selected, a warning is written to pg_hba.conf. The old
switches for
Magnus Hagander wrote:
This one makes it mandatory to pick some kind of authentication. If
that's not wanted, it's easy to change it to default to trust (which
I think is wrong, but we've been through that already..)
I don't think I like any of this. Sooner rather than later, people need
to
Peter Eisentraut wrote:
Magnus Hagander wrote:
This one makes it mandatory to pick some kind of authentication. If
that's not wanted, it's easy to change it to default to trust (which
I think is wrong, but we've been through that already..)
I don't think I like any of this. Sooner
On Thu, Jul 15, 2004 at 11:20:46PM +0200, Peter Eisentraut wrote:
Magnus Hagander wrote:
This one makes it mandatory to pick some kind of authentication. If
that's not wanted, it's easy to change it to default to trust (which
I think is wrong, but we've been through that already..)
I
Bruce Momjian [EMAIL PROTECTED] writes:
I think the basic problem is that right now there is no way to do an
initdb and have it be secure _before_ you edit pg_hba.conf. That isn't
acceptable. If I am on an insecure machine, the window if time between
initdb and editing of pg_hba.conf is
Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
I think the basic problem is that right now there is no way to do an
initdb and have it be secure _before_ you edit pg_hba.conf. That isn't
acceptable. If I am on an insecure machine, the window if time between
initdb and editing
12 matches
Mail list logo