Subject: Re: identd with NAT and IPv6 support.
To: Henry B. Hotz <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 04/02/2002 16:47:23
[ On Tuesday, April 2, 2002 at 12:08:15 (-0800), Henry B. Hotz wrote: ]
> Subject: Re: identd with NAT and IPv6 support.
> One of the easy ways to configure PostgreSQL is to use identd to
> identify the user when the request comes from the same machine as the
> server is running on. All the other ways of authenticating a user
> connection are a real pain in comparison. This is a standard
> application, compiled as provided.
Unfortunately PostgreSQL cannot (yet) deal with more arbitrary IDENT
reply formatting and encryption using a shared secret....
> I've always considered that if I couldn't trust the machine I was
> running on then I was pretty much hosed anyway. CFS doesn't prevent
> root from seeing your data files, nor Kerberos prevent root from
> impersonating you.
Be careful how you deploy this particular application of IDENT though.
It's not just the systems you have to trust, but the network as well....
Greg A. Woods
+1 416 218-0098; <firstname.lastname@example.org>; <email@example.com>; <firstname.lastname@example.org>
Planix, Inc. <email@example.com>; VE3TCP; Secrets of the Weird <firstname.lastname@example.org>