在7.4中信任auth [英] trust auth in 7.4

问题描述

文档说（19.2.1）：


当指定信任身份验证时，PostgreSQL假定任何人

可以连接到服务器，有权访问数据库，无论他指定的数据库用户是什么（包括数据库超级用户）。这种方法

只应在与服务器连接时有足够的操作系统级

保护时使用。


但是现在可以在pg_hba.conf中指定用户，19.1说：


用户


指定此记录匹配的PostgreSQL用户。值all

指定它匹配所有用户。否则，这是特定PostgreSQL用户的名称。

可以用逗号分隔多个用户名。组名可以在前面指定

组名+。包含用户名的文件可以用@前面的文件名指定

。该文件必须位于同一目录中

为pg_hba.conf。


其中哪一项是正确的？我希望最后一句也适用于''信任''线？


（是的，我知道你不想用这个:-)）


问候，

-

Henk van Lingen，Systems&网络管理员（o- - +

乌特勒支大学计算机科学系./ \ |

电话：+ 31-30-2535278 v _ / _
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/


- --------------------------（广播结束）------------------- --------

提示1：订阅和取消订阅命令转到 ma *** ****@postgresql.org

解决方案

2004年1月22日星期四03:33:05 + 0100，Henk van Lingen写道：

但是现在可以在pg_hba.conf中指定用户，而19.1说：

另一件事：


7.4.1附带的pg_hba.conf RHEL 3的PGDG RPM有：


＃注意：默认配置允许任何本地用户使用任何PostgreSQL用户名连接

＃，包括超级用户，超过

#Unix-domain套接字或TCP / IP。如果您使用的是多用户

＃将其更改为使用trust之外的其他内容认证。


但唯一有效的行是：


本地所有同一个用户


这似乎没有放弃上面所说的对我来说。


问候，


-

Henk van Lingen，Systems&网络管理员（o- - +

乌特勒支大学计算机科学系./ \ |

电话：+ 31-30-2535278 v _ / _
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/


- --------------------------（广播结束）------------------- --------

提示9：如果您的

加入列的数据类型不匹配，规划人员将忽略您选择索引扫描的愿望br />

Henk van Lingen< he **** @ cs.uu.nl>写道：

pg_hba.conf发货7.4.1用于RHEL 3的PGDG RPM具有：
＃注意：默认配置允许任何本地用户使用任何PostgreSQL用户名连接
＃，包括超级用户，ove r
#Unix-domain套接字或TCP / IP。如果您使用的是多用户
＃机器，则默认配置对您来说可能过于宽松。
＃将其更改为使用信任以外的其他内容。认证。


这对于从源代码安装的库存来说是正确的。

但唯一有效的行是：
local all all ident sameuser <似乎没有放弃上面所述的内容，对我来说。

RPM分发更改了默认的身份验证设置。似乎

就像那个补丁一样也应该调整评论...... Lamar？


问候，tom lane


---------------------------（广播结束）----------------- ----------

提示7：别忘了增加你的免费空间地图设置

< blockquote> 2004年1月22日星期四15:33:05 + 0100，

Henk van Lingen< he **** @ cs.uu.nl>写道：

文档说（19.2.1）：

当指定信任身份验证时，PostgreSQL假定任何人
可以连接到服务器被授权访问数据库，无论他指定的数据库用户（包括数据库超级用户）。只有在与服务器连接时有足够的操作系统级保护时，才应使用此方法。

但现在可以在pg_hba.conf和19.1中指定用户说：

用户

指定此记录匹配的PostgreSQL用户。值all
指定它匹配所有用户。否则，这是特定PostgreSQL用户的名称。可以通过用逗号分隔它们来提供多个用户名。可以通过在组名前面加上+来指定组名。包含用户名的文件可以在文件名前面用
指定。该文件必须与pg_hba.conf位于同一目录中。

其中哪些是正确的？我希望最后一个也适用于''trust''线？

两者。第二部分说在pg_hba.conf中你可以说哪些postgres

用户可以连接到哪些数据库。第一部分表示信任

认证说postgres将允许你成为你想要的任何用户，而不必以任何方式证明它。


---------------------------（播出结束）------------ ---------------

提示1：订阅和取消订阅命令转到 ma ******* @ postgresql.org

Hi,

docs say (19.2.1):

When trust authentication is specified, PostgreSQL assumes that anyone who
can connect to the server is authorized to access the database as whatever
database user he specifies (including the database superuser). This method
should only be used when there is adequate operating system-level
protection on connections to the server.

but nowadays one can specify users in pg_hba.conf, and 19.1 says:

user

Specifies which PostgreSQL users this record matches. The value all
specifies that it matches all users. Otherwise, this is the name of a
specific PostgreSQL user. Multiple user names can be supplied by
separating them with commas. Group names can be specified by preceding
the group name with +. A file containing user names can be specified by
preceding the file name with @. The file must be in the same directory
as pg_hba.conf.

Which of these is right? I hope the last also holds for ''trust'' lines?

(and yes, i know you don''t want to use this :-))

Regards,
--
Henk van Lingen, Systems & Network Administrator (o- -+
Dept. of Computer Science, Utrecht University. /\ |
phone: +31-30-2535278 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ma*******@postgresql.org

解决方案

On Thu, Jan 22, 2004 at 03:33:05PM +0100, Henk van Lingen wrote:

but nowadays one can specify users in pg_hba.conf, and 19.1 says:

one other thing about this:

the pg_hba.conf shipped with 7.4.1 PGDG RPMs for RHEL 3 has:

# CAUTION: The default configuration allows any local user to connect
# using any PostgreSQL user name, including the superuser, over either
# Unix-domain sockets or TCP/IP. If you are on a multiple-user
# machine, the default configuration is probably too liberal for you.
# Change it to use something other than "trust" authentication.

but the only active line is:

local all all ident sameuser

which seems not quit what was said above, to me.

Regards,

--
Henk van Lingen, Systems & Network Administrator (o- -+
Dept. of Computer Science, Utrecht University. /\ |
phone: +31-30-2535278 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/

---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column''s datatypes do not match

Henk van Lingen <he****@cs.uu.nl> writes:

the pg_hba.conf shipped with 7.4.1 PGDG RPMs for RHEL 3 has: # CAUTION: The default configuration allows any local user to connect
# using any PostgreSQL user name, including the superuser, over either
# Unix-domain sockets or TCP/IP. If you are on a multiple-user
# machine, the default configuration is probably too liberal for you.
# Change it to use something other than "trust" authentication.
Which is correct for a stock built-from-source installation.
but the only active line is:
local all all ident sameuser
which seems not quit what was said above, to me.

The RPM distribution changes the default authentication setup. Seems
like that patch ought to adjust the comments too ... Lamar?

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 7: don''t forget to increase your free space map settings

On Thu, Jan 22, 2004 at 15:33:05 +0100,
Henk van Lingen <he****@cs.uu.nl> wrote:

Hi,

docs say (19.2.1):

When trust authentication is specified, PostgreSQL assumes that anyone who
can connect to the server is authorized to access the database as whatever
database user he specifies (including the database superuser). This method
should only be used when there is adequate operating system-level
protection on connections to the server.

but nowadays one can specify users in pg_hba.conf, and 19.1 says:

user

Specifies which PostgreSQL users this record matches. The value all
specifies that it matches all users. Otherwise, this is the name of a
specific PostgreSQL user. Multiple user names can be supplied by
separating them with commas. Group names can be specified by preceding
the group name with +. A file containing user names can be specified by
preceding the file name with @. The file must be in the same directory
as pg_hba.conf.

Which of these is right? I hope the last also holds for ''trust'' lines?

Both. The second part says that in pg_hba.conf you can say which postgres
users can connect to which databases. The first part says that trust
authentication says that postgres will allow you to be whatever user you
want without having to prove it in any way.

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ma*******@postgresql.org

这篇关于在7.4中信任auth的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！