Thread: pg_hba.conf authorization question
Could someone give me guidance on the following.
I would like to configure the DB such that connections will only be allowed to users created using createuser verified by the password that was set during the createuser process. The user and password do NOT correlate to system users (linux host). Connections will be both local and TCP based.
Rather than the open to everyone entries that I have in pg_hba.conf below, what should the entries look like under
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
local all trust
host all 127.0.0.1 255.255.255.255 trust
host all 192.168.100.0 255.255.255.0 trust
Thanks,
reid
On Fri, Dec 13, 2002 at 11:25:00AM -0500, Reid Thompson wrote:
> Could someone give me guidance on the following.
> I would like to configure the DB such that connections will only be
> allowed to users created using createuser verified by the password that
> was set during the createuser process. The user and password do NOT
> correlate to system users (linux host). Connections will be both local
> and TCP based.
> Rather than the open to everyone entries that I have in pg_hba.conf
> below, what should the entries look like under
>
> # TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
> local all trust
> host all 127.0.0.1 255.255.255.255 trust
> host all 192.168.100.0 255.255.255.0 trust

AFAIK the AUTH_TYPE "trust" doesn't look for a password but lets the user connect. IMHO the AUTH_TYPE "md5" compares the given password with that stored in pg_shadow. But I've never tried...

Greetings,
-tb
--
Thomas Beutin tb@laokoon.IN-Berlin.DE
Beam me up, Scotty. There is no intelligent life down in Redmond.
Either md5 or password will work. But I'd recommend md5 for security reasons. That will send passwords using encryption (double). Also note that in order for this to work every user must have a password set in pg_shadow. Also set security = true in postgresql.conf. And use the "alter user 'myuser' set encrypted password 'password'" command to set passwords.
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
local all md5
host all 127.0.0.1 255.255.255.255 md5
host all 192.168.100.0 255.255.255.0 md5
Regards,
Çağıl ŞEKER
-----------------
"Yes, I am a criminal. My crime is that of outsmarting you. Something that you'll never forgive me for!" - The Mentor'86 (Hacker's Manifesto)
-----------------
-----Original Message-----
From: Reid Thompson [mailto:Reid.Thompson@ateb.com]
Sent: Friday, 13 December 2002 18:25
To: pgsql-general@postgresql.org
Subject: [GENERAL] pg_hba.conf authorization question
Could someone give me guidance on the following.
I would like to configure the DB such that connections will only be allowed to users created using createuser verified by the password that was set during the createuser process. The user and password do NOT correlate to system users (linux host). Connections will be both local and TCP based.
Rather than the open to everyone entries that I have in pg_hba.conf below, what should the entries look like under
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
local all trust
host all 127.0.0.1 255.255.255.255 trust
host all 192.168.100.0 255.255.255.0 trust
Thanks,
reid
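A small audit of the pg_hba.conf entry layout discussed in this thread, added here as an example and not code from any poster or from PostgreSQL: it parses the TYPE / DATABASE / IP_ADDRESS / MASK / AUTH_TYPE columns and reports entries whose AUTH_TYPE is trust or password. The sample file, the function names and the 10.0.0.0 entry are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout used in this thread
# (TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE); not a real server's file.
SAMPLE = """\
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
local all trust
host all 127.0.0.1 255.255.255.255 md5
host all 192.168.100.0 255.255.255.0 trust
host all 10.0.0.0 255.0.0.0 password
"""

# Methods that do not give password verification that is safe on the wire.
WEAK = {
    "trust": "no password check; any user name is accepted",
    "password": "password crosses the connection in clear text",
}

def parse_line(line):
    """Return (type, database, network, method), or None for blanks/comments."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if fields[0] == "local" and len(fields) >= 3:
        return ("local", fields[1], None, fields[2])
    if fields[0] == "host" and len(fields) >= 5:
        # The address and dotted mask together define the client range.
        net = ipaddress.ip_network(f"{fields[2]}/{fields[3]}", strict=False)
        return ("host", fields[1], net, fields[4])
    raise ValueError(f"unrecognised entry: {line!r}")

def audit(text):
    """Return a list of (line_number, scope, method, reason) findings."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        entry = parse_line(line)
        if entry is None:
            continue
        kind, _database, net, method = entry
        if method in WEAK:
            scope = "unix socket" if kind == "local" else str(net)
            findings.append((number, scope, method, WEAK[method]))
    return findings

if __name__ == "__main__":
    for number, scope, method, reason in audit(SAMPLE):
        print(f"line {number}: {scope} uses {method}: {reason}")
```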