Search Postgresql Archives

Re: Using both ident and password in pg_hba.conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"D'Arcy J.M. Cain" <darcy@xxxxxxxxx> writes:
> Here's my situation.  I have a mix of users.  Some are running PHP
> sites and some are not.  PHP runs as the web server owner, "nobody."
> Everyone else runs as their own user.

> Since the PHP sites run as nobody I want to require password but accept
> ident (from the server I control) for the rest.  There does not appear
> to be a way to specif that.  Here was one attempt:

> host    all       nobody   192.168.151.75/32       password
> host    all       all      192.168.151.75/32       ident

> But that doesn't work.  The actual user according to ident is nobody
> but the request is for a specific user.  As a result it isn't
> recognized by the first line so it tries ident anyway and fails.

> Is there any way to accomplish what I want?  Any help appreciated.

If the same user id + database combinations might be valid in both cases
(from both PHP and manual connections) I think your only other option
for distinguishing which auth method to use is to make them come in on
different addresses.  Can you set up a secondary IP interface that only
the PHP server uses, for example?

There's no provision for saying "try this auth method, but if it fails,
try subsequent hba lines".  It might be interesting to have that,
particularly for methods like ident that don't involve any client
interaction.  (Otherwise, you're assuming that the client can cope
with multiple challenges, which seems like a large assumption.)
I don't have much of a feeling for how hard it would be to do in the
server.

			regards, tom lane


-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux