Re: Authenticating user `postgres'

Keary Suska <hierophant@pcisys.net>

From: Keary Suska <hierophant@pcisys.net>
To: PostgreSQL <pgsql-general@postgresql.org>
Date: 2001-09-26T22:20:30Z
Lists: pgsql-general
Actually, you can, but I find it dubious from a security standpoint. You can
set the environment variables PGUSER and PGPASSWORD in your shell startup
script for the postgres user.

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"

> From: Tom Lane <tgl@sss.pgh.pa.us>
> Date: Wed, 26 Sep 2001 15:57:35 -0400
> To: Arcady Genkin <a.genkin@utoronto.ca>
> Cc: pgsql-general@postgresql.org
> Subject: Re: [GENERAL] Authenticating user `postgres'
> 
> Arcady Genkin <a.genkin@utoronto.ca> writes:
>> The problem I'm having is that I want local UNIX user `postgres', who
>> is the database superuser, to be able to connect to any database
>> without a password.
> 
> You can't make postgres' life any easier than you make it for anyone
> else coming from the same machine, because the authentication mechanism
> is chosen on the basis of the client machine and (possibly) the target
> database --- not on the basis of who the user is.  Offhand I'd think it
> foolish to make it easier to get into the superuser account than regular
> accounts anyway.
> 
> One possibility is to run an IDENT daemon and allow ident-authenticated
> connections from 127.0.0.1.  Then "pg_dumpall -h localhost" would work
> without a password.  Trusting other people's IDENT daemons is widely
> considered a bad idea, but I see no reason not to trust your own.
> 
> regards, tom lane
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
> 
> http://www.postgresql.org/users-lounge/docs/faq.html
>