* David Bear (David.Bear@xxxxxxx) wrote: > after reading through > http://www.postgresql.org/docs/8.0/static/auth-methods.html > > I'm still left wondering how to solve something that should be simple. > > Ident method looks like it might work. > > All I really want to do is prevent user jack, who is logged in and > properly authenticated to the system as jack, from connecting to pg as > user joe. I have kerb authentication working for all ssh connections > to the data base server. I don't want another layer of authentication > for postgresql. > > I'm currently using the trust method, but any user can connect to pg > as any other pg user. > > the trouble is that ident seems to be non existent in suse linux (at > least, it doesn't seem to be installed ) > > any pointers would be appreciated. You don't need identd to be installed to use ident over local unix sockets. Also, PostgreSQL supports Kerberos, so you could use krb5 instead of ident or trust. Trust isn't really an authentication mechanism, it's the lack of one. If you're only connecting locally over local unix domain sockets then you'd probably want ident. If you want to be able to authenticate over the network and you've already got Kerberos set up then you should probably use Kerberos to auth to Postgres too. Note that if you want to connect to Postgres locally using Kerberos you'll (of course) need to have an appropriate TGT on the box you're ssh'ing to. Kerberos is also supported by the ODBC driver and psql on Windows (if you use those). You can also get Kerberos authenticating working with PhpPgAdmin through Apache with a bit of hacking. Enjoy, Stephen
Attachment:
signature.asc
Description: Digital signature
