
trust auth in 7.4

Hi,

docs say (19.2.1):

When trust authentication is specified, PostgreSQL assumes that anyone who
can connect to the server is authorized to access the database as whatever
database user he specifies (including the database superuser). This method
should only be used when there is adequate operating system-level
protection on connections to the server.

but nowadays one can specify users in pg_hba.conf, and 19.1 says:

user

Specifies which PostgreSQL users this record matches. The value all
specifies that it matches all users. Otherwise, this is the name of a
specific PostgreSQL user. Multiple user names can be supplied by
separating them with commas. Group names can be specified by preceding
the group name with +. A file containing user names can be specified by
preceding the file name with @. The file must be in the same directory
as pg_hba.conf.

Which of these is right? I hope the last also holds for 'trust' lines?

(and yes, I know you don't want to use this :-))

Regards,
--
Henk van Lingen, Systems & Network Administrator (o- -+
Dept. of Computer Science, Utrecht University. /\ |
phone: +31-30-2535278 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ma*******@postg resql.org

Nov 22 '05 #1
On Thu, Jan 22, 2004 at 03:33:05PM +0100, Henk van Lingen wrote:

> but nowadays one can specify users in pg_hba.conf, and 19.1 says:


one other thing about this:

the pg_hba.conf shipped with 7.4.1 PGDG RPMs for RHEL 3 has:

# CAUTION: The default configuration allows any local user to connect
# using any PostgreSQL user name, including the superuser, over either
# Unix-domain sockets or TCP/IP. If you are on a multiple-user
# machine, the default configuration is probably too liberal for you.
# Change it to use something other than "trust" authentication.

but the only active line is:

local all all ident sameuser

which seems not quite what was said above, to me.

Regards,

--
Henk van Lingen, Systems & Network Administrator (o- -+
Dept. of Computer Science, Utrecht University. /\ |
phone: +31-30-2535278 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/


Nov 22 '05 #2
Henk van Lingen <he****@cs.uu.nl> writes:
> the pg_hba.conf shipped with 7.4.1 PGDG RPMs for RHEL 3 has:
>
> # CAUTION: The default configuration allows any local user to connect
> # using any PostgreSQL user name, including the superuser, over either
> # Unix-domain sockets or TCP/IP. If you are on a multiple-user
> # machine, the default configuration is probably too liberal for you.
> # Change it to use something other than "trust" authentication.

Which is correct for a stock built-from-source installation.

> but the only active line is:
>
> local all all ident sameuser
>
> which seems not quite what was said above, to me.


The RPM distribution changes the default authentication setup. Seems
like that patch ought to adjust the comments too ... Lamar?

regards, tom lane


Nov 22 '05 #3
On Thu, Jan 22, 2004 at 15:33:05 +0100,
Henk van Lingen <he****@cs.uu.nl> wrote:
> Hi,
>
> docs say (19.2.1):
>
> When trust authentication is specified, PostgreSQL assumes that anyone who
> can connect to the server is authorized to access the database as whatever
> database user he specifies (including the database superuser). This method
> should only be used when there is adequate operating system-level
> protection on connections to the server.
>
> but nowadays one can specify users in pg_hba.conf, and 19.1 says:
>
> user
>
> Specifies which PostgreSQL users this record matches. The value all
> specifies that it matches all users. Otherwise, this is the name of a
> specific PostgreSQL user. Multiple user names can be supplied by
> separating them with commas. Group names can be specified by preceding
> the group name with +. A file containing user names can be specified by
> preceding the file name with @. The file must be in the same directory
> as pg_hba.conf.
>
> Which of these is right? I hope the last also holds for 'trust' lines?


Both. The second part says that in pg_hba.conf you can say which postgres
users can connect to which databases. The first part says that trust
authentication says that postgres will allow you to be whatever user you
want without having to prove it in any way.


Nov 22 '05 #4
On Thu, Jan 22, 2004 at 11:00:25AM -0600, Bruno Wolff III wrote:
> > docs say (19.2.1):
> >
> > When trust authentication is specified, PostgreSQL assumes that anyone who
> > can connect to the server is authorized to access the database as whatever
> > database user he specifies (including the database superuser). This method
> > Which of these is right? I hope the last also holds for 'trust' lines?
>
> Both. The second part says that in pg_hba.conf you can say which postgres
> users can connect to which databases. The first part says that trust
> authentication says that postgres will allow you to be whatever user you
> want without having to prove it in any way.


Well, I think the first part is misleading. Trying it, it seems to work
as I hoped. If I have a line like

host somedb bruno 192.168.5.5 255.255.255.255 trust

bruno can connect from 192.168.5.5 but tom can't.

I think the first part should say 'as the users specified in the specific
pg_hba.conf line without doing further checks'.

Never mind.

Regards,

--
Henk van Lingen, Systems & Network Administrator (o- -+
Dept. of Computer Science, Utrecht University. /\ |
phone: +31-30-2535278 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/


Nov 22 '05 #5
On Thu, Jan 22, 2004 at 18:11:36 +0100,
Henk van Lingen <he****@cs.uu.nl> wrote:
>
> host somedb bruno 192.168.5.5 255.255.255.255 trust
>
> bruno can connect from 192.168.5.5 but tom can't.


It isn't clear whether you are referring to postgres or OS users above.

The OS user tom can connect as the postgres user bruno from 192.168.5.5.


Nov 22 '05 #6
On Thu, Jan 22, 2004 at 11:56:10AM -0600, Bruno Wolff III wrote:
> >
> > host somedb bruno 192.168.5.5 255.255.255.255 trust
> >
> > bruno can connect from 192.168.5.5 but tom can't.
>
> It isn't clear whether you are referring to postgres or OS users above.
>
> The OS user tom can connect as the postgres user bruno from 192.168.5.5.


Of course, I was referring to postgres users. I think the doc can be
clearer. If you disagree, never mind :-)

Regards,

--
Henk van Lingen, Systems & Network Administrator (o- -+
Dept. of Computer Science, Utrecht University. /\ |
phone: +31-30-2535278 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/


Nov 22 '05 #7
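
The distinction drawn in posts #4 to #7, as an added example that is not part of the original thread or of PostgreSQL: a small first-match evaluator for the 7.4-style `pg_hba.conf` columns quoted above. The sample file is constructed, the function names are hypothetical, and the matcher assumes only `all` and comma-separated names in the database and user columns (no `+group` or `@file`).

```python
import ipaddress

# Constructed sample in the 7.4 column layout quoted in the thread:
# TYPE  DATABASE  USER  IP-ADDRESS  IP-MASK  METHOD
SAMPLE_HBA = """\
local   all     all                                    ident sameuser
host    somedb  bruno   192.168.5.5   255.255.255.255  trust
host    all     all     127.0.0.1     255.255.255.255  trust
"""

def parse_hba(text):
    """Parse records, skipping comments and blank lines."""
    records = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":
            net, method = None, " ".join(f[3:])
        else:
            # address and mask are separate columns in this layout
            net, method = ipaddress.ip_network(f"{f[3]}/{f[4]}"), " ".join(f[5:])
        records.append({"type": f[0], "db": f[1], "user": f[2],
                        "net": net, "method": method})
    return records

def _field_matches(field, value):
    # Assumption: only "all" and comma-separated names; +group and @file not handled.
    return field == "all" or value in field.split(",")

def first_match(records, db, pg_user, client_ip=None):
    """Return the method of the first matching record, or None if rejected.

    There is no OS-user argument: record selection and the trust method
    only ever see the PostgreSQL user name the client claims.
    """
    for r in records:
        if (r["type"] == "local") != (client_ip is None):
            continue
        if r["net"] is not None and ipaddress.ip_address(client_ip) not in r["net"]:
            continue
        if _field_matches(r["db"], db) and _field_matches(r["user"], pg_user):
            return r["method"]
    return None

def trust_lines(records):
    """List (db, user, source) for every record that admits a claim unproven."""
    return [(r["db"], r["user"], "local" if r["net"] is None else str(r["net"]))
            for r in records if r["method"] == "trust"]

if __name__ == "__main__":
    recs = parse_hba(SAMPLE_HBA)
    print(first_match(recs, "somedb", "bruno", "192.168.5.5"))
    print(first_match(recs, "somedb", "tom", "192.168.5.5"))
    print(trust_lines(recs))
```

The user column narrows which PostgreSQL names a `trust` line accepts, so the claimed name `tom` is rejected, but anyone who can reach the server from 192.168.5.5 and claims `bruno` is admitted; `trust_lines` is the list to review when auditing a file.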


I know I can write plpgsql functions that return sets.
Does postgres support returning multiple sets from a function?

Bill McMilleon

Nov 22 '05 #8
bi*******************@mcmilleon.com wrote:
> I know I can write plpgsql functions that return sets.
> Does postgres support returning multiple sets from a function?


No.

Joe

Nov 22 '05 #9
<bi*******************@mcmilleon.com> writes:
> Does postgres support returning multiple sets from a function?


Not directly. You can fake it in some cases by returning several open
cursors and expecting the caller to fetch from those cursors. However,
if you can't write SQL queries that can be executed to return each of
the needed return sets, you're out of luck --- there's nothing so
flexible as RETURN NEXT.

I don't think this is an unfixable limitation; the needed mechanisms
all exist, it's a matter of figuring out what a reasonable syntactic
representation would look like. Any thoughts?

regards, tom lane


Nov 22 '05 #10
