postgresql's 502.pgsql periodic script and passwords

George Hartzell hartzell at
Tue Jan 30 18:38:53 UTC 2007

Michael Fuhr writes:
 > On Mon, Jan 29, 2007 at 09:23:52AM -0500, Bill Moran wrote:
 > > In response to George Hartzell <hartzell at>:
 > > > I've "solved" the problem by creating a ~pgsql/.pgpass file with the
 > > > pgsql users password.
 > > > 
 > > > Is there a better way?
 > > 
 > > Depends.  Do you allow untrusted users to log in to that machine?  If
 > > so, then you've probably got the best approach.  Make sure that .pgpass
 > > file is chmoded 600
 > Another possibility would be to use the "ident" method over a local
 > (i.e., Unix-domain) socket.  You'd be authenticating via SO_PEERCRED;
 > no .pgpass file would be necessary.

I saw a reference to that via google, and tried it as sketched, but it
didn't fly.  It seemed to involve pg_hga.conf, a pg_ident.conf,

Can you describe a known-working configuration?

Would this be somehow more secure or flexible (aka "better") than the
.pgpass solution?



More information about the freebsd-ports mailing list