agora inbox for [email protected]  
help / color / mirror / Atom feed
From: Josh Berkus <[email protected]>
To: Tom Lane <[email protected]>
To: Andrew Dunstan <[email protected]>
Cc: Robert Haas <[email protected]>
Cc: Alvaro Herrera <[email protected]>
Cc: Volker Aßmann <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: Disabling trust/ident authentication configure option
Date: Wed, 06 May 2015 15:41:28 -0700
Message-ID: <[email protected]> (raw)
In-Reply-To: <WM!166b48023e720856eea587c0ad127e5181882abf659ccd483360b19f27293d1addb1d058c6dbdafcbaa946420b35a64b!@asav-3.01.com>
References: <[email protected]>
	<CA+Tgmobjmp1gDh4eDCSDGMpBF2rPph80108hXWgT7DStcxQb9g@mail.gmail.com>
	<CAJBpAdwvUaK55HCB8FEkzt2GO5cMvwcPmNeqqZThT-=Ra-G6XA@mail.gmail.com>
	<CA+TgmoYFWGoZVCRVpgwGYSiZhY9PFkC0mrmnYy3acFJ=aU0eEw@mail.gmail.com>
	<[email protected]>
	<[email protected]>
	<CA+TgmoZMX3FvHnnXcuiTTuh=6WY2uW6=QmRWkkNdUwD1T5Zh6g@mail.gmail.com>
	<[email protected]>
	<[email protected]>
	<WM!166b48023e720856eea587c0ad127e5181882abf659ccd483360b19f27293d1addb1d058c6dbdafcbaa946420b35a64b!@asav-3.01.com>
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgsql-hackers>

On 05/06/2015 02:13 PM, Tom Lane wrote:
> Andrew Dunstan <[email protected]> writes:
>> (Personally I think there's a very good case for completely ripping out 
>> RFC1413 ident auth. I've not seen it used in a great long while, and 
>> it's always been a security risk.)
> 
> FWIW, I agree with that --- or at least making it a not-built-by-default
> option.

I have seen it in the last year, actually, but only once, which even for
my personal pool represents < 1% usage.  So ...

> Probably the right time to make any such changes is at the same time
> we add the proposed more-secure-than-MD5 password option.

+1 to kill off ident when we replace MD5, since users will need to be
beaten over the head about changes to auth methods anyway.

-- 
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com


-- 
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers



view thread (62+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Disabling trust/ident authentication configure option
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox