Discussion:
pg_hba.conf and postgresql 7.2
(too old to reply)
a***@real-time.com
2004-02-03 18:48:34 UTC
Permalink
New to postgresql...I've done a lot of google-searching and searching of
the pgsql archives but haven't found much...


I'm trying to configure pg_hba.conf so that:

1. using a local connection, user postgres does not require a password for any database
2. using a local connection, all other users require password for all
databases

We are running debian stable so we have postgresql 7.2 From what I
understand, the syntax of pg_hba.conf changed with 7.3, making it easier
to do what I want to above. With 7.3, I would do this I think:

local all postgres trust
local all md5

Is there a way to accomplish this with version 7.2?

If not, I was planning on setting a password for user postgres. However,
in that case, what's the easiest way for backup scripts, etc, running as
user postgres to be passed the password?

Are there any online documents for recommended ways of configuring
pg_hba.conf with security in mind?

Thanks for your help.
--
Amy Tanner
***@real-time.com

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org
Bruno Wolff III
2004-02-03 20:18:08 UTC
Permalink
On Tue, Feb 03, 2004 at 12:48:34 -0600,
Post by a***@real-time.com
New to postgresql...I've done a lot of google-searching and searching of
the pgsql archives but haven't found much...
1. using a local connection, user postgres does not require a password for any database
2. using a local connection, all other users require password for all
databases
We are running debian stable so we have postgresql 7.2 From what I
understand, the syntax of pg_hba.conf changed with 7.3, making it easier
local all postgres trust
local all md5
Is there a way to accomplish this with version 7.2?
I don't believe you can do it with 7.2. The first rule that matches
on database, connection type and IP address applies. So you can't
have different authentication methods for different database users.
Post by a***@real-time.com
If not, I was planning on setting a password for user postgres. However,
in that case, what's the easiest way for backup scripts, etc, running as
user postgres to be passed the password?
You might look at using ident authentication and a sameuser mapping.
Whether this will work for you or not depends on how OS users relate
to DB users.

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Loading...