Thread

  1. BUG #5457: dblink_connect now restricts non-superusers to password

    Chana Slutzkin <chana@cs.huji.ac.il> — 2010-05-11T07:21:07Z

    The following bug has been logged online:
    
    Bug reference:      5457
    Logged by:          Chana Slutzkin
    Email address:      chana@cs.huji.ac.il
    PostgreSQL version: 8.4
    Operating system:   FreeBSD 7.2
    Description:        dblink_connect now restricts non-superusers to password
    Details: 
    
    dblink in version 8.4 forces a non-superuser to connect using a password.
    I would prefer to use ident.
    
    
  2. Re: BUG #5457: dblink_connect now restricts non-superusers to password

    Jasen Betts <jasen@xnet.co.nz> — 2010-05-11T09:24:55Z

    On 2010-05-11, Chana Slutzkin <chana@cs.huji.ac.il> wrote:
    >
    > The following bug has been logged online:
    >
    > Bug reference:      5457
    > Logged by:          Chana Slutzkin
    > Email address:      chana@cs.huji.ac.il
    > PostgreSQL version: 8.4
    > Operating system:   FreeBSD 7.2
    > Description:        dblink_connect now restricts non-superusers to password
    > Details: 
    >
    > dblink in version 8.4 forces a non-superuser to connect using a password.
    > I would prefer to use ident.
    
    dblink runs on the back-end under the postgres user account. 
    identd (or postgres, or anoyone else who looks) is going to see 
    the user as postgres.
    
    
    
    
    
  3. Re: BUG #5457: dblink_connect now restricts non-superusers to password

    Bruce Momjian <bruce@momjian.us> — 2010-05-11T12:59:07Z

    Chana Slutzkin wrote:
    > 
    > The following bug has been logged online:
    > 
    > Bug reference:      5457
    > Logged by:          Chana Slutzkin
    > Email address:      chana@cs.huji.ac.il
    > PostgreSQL version: 8.4
    > Operating system:   FreeBSD 7.2
    > Description:        dblink_connect now restricts non-superusers to password
    > Details: 
    > 
    > dblink in version 8.4 forces a non-superuser to connect using a password.
    > I would prefer to use ident.
    
    I don't think ident is a good idea because the connection is coming from
    the database server, not the client.  The database server is always
    going to be user 'postgres'.  However, I assume pg_hba.conf could allow
    you do make this work somehow, but with little security.
    
    -- 
      Bruce Momjian  <bruce@momjian.us>        http://momjian.us
      EnterpriseDB                             http://enterprisedb.com