Subject: Re: identd with NAT and IPv6 support.
To: Henry B. Hotz <>
From: Greg A. Woods <>
List: tech-net
Date: 04/02/2002 16:47:23
[ On Tuesday, April 2, 2002 at 12:08:15 (-0800), Henry B. Hotz wrote: ]
> Subject: Re: identd with NAT and IPv6 support.
> One of the easy ways to configure PostgreSQL is to use identd to 
> identify the user when the request comes from the same machine as the 
> server is running on.  All the other ways of authenticating a user 
> connection are a real pain in comparison.  This is a standard 
> application, compiled as provided.

Yes indeed!

Unfortunately PostgreSQL cannot (yet) deal with more arbitrary IDENT
reply formatting and encryption using a shared secret....

> I've always considered that if I couldn't trust the machine I was 
> running on then I was pretty much hosed anyway.  CFS doesn't prevent 
> root from seeing your data files, nor Kerberos prevent root from 
> impersonating you.

Be careful how you deploy this particular application of IDENT though.
It's not just the systems you have to trust, but the network as well....

								Greg A. Woods

+1 416 218-0098;  <>;  <>;  <>
Planix, Inc. <>; VE3TCP; Secrets of the Weird <>