Subject: Re: identd with NAT and IPv6 support.
To: Henry B. Hotz <hotz@jpl.nasa.gov>
From: Jim Wise <jwise@draga.com>
List: netbsd-users
Date: 04/02/2002 15:14:56
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 2 Apr 2002, Henry B. Hotz wrote:

>One of the easy ways to configure PostgreSQL is to use identd to
>identify the user when the request comes from the same machine as the
>server is running on.  All the other ways of authenticating a user
>connection are a real pain in comparison.  This is a standard
>application, compiled as provided.

An even easier way to configure postgresql is to not require
authentication at all.  And it's just as secure as what you suggest.

More seriously, encrypted password support in PostgreSQL is just not
that hard, and the fact that you can do a hack like the above is not an
excuse not to use it.

>I've always considered that if I couldn't trust the machine I was
>running on then I was pretty much hosed anyway.  CFS doesn't prevent
>root from seeing your data files, nor Kerberos prevent root from
>impersonating you.

Fine.  Than since you trust `the machine', I assume you use .rhosts all
over the place?  IP addresses are not hard to forge...

- -- 
				Jim Wise
				jwise@draga.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8qhFEN71lEcOYcw4RAq7YAJkBgmdfmKkIRgBVXy67OxeOhUjw2QCfZEJQ
6Mc4ZlQ1d82K6uLmO2QQdoI=
=csBX
-----END PGP SIGNATURE-----