postgresql's 502.pgsql periodic script and passwords
George Hartzell
hartzell at alerce.com
Tue Jan 30 18:38:53 UTC 2007
Michael Fuhr writes:
> On Mon, Jan 29, 2007 at 09:23:52AM -0500, Bill Moran wrote:
> > In response to George Hartzell <hartzell at alerce.com>:
> > > I've "solved" the problem by creating a ~pgsql/.pgpass file with the
> > > pgsql users password.
> > >
> > > Is there a better way?
> >
> > Depends. Do you allow untrusted users to log in to that machine? If
> > so, then you've probably got the best approach. Make sure that .pgpass
> > file is chmoded 600
>
> Another possibility would be to use the "ident" method over a local
> (i.e., Unix-domain) socket. You'd be authenticating via SO_PEERCRED;
> no .pgpass file would be necessary.
I saw a reference to that via google, and tried it as sketched, but it
didn't fly. It seemed to involve pg_hga.conf, a pg_ident.conf,
and....
Can you describe a known-working configuration?
Would this be somehow more secure or flexible (aka "better") than the
.pgpass solution?
Thanks,
g.
More information about the freebsd-ports
mailing list