agora inbox for [email protected]
help / color / mirror / Atom feedFrom: Josh Berkus <[email protected]>
To: Tom Lane <[email protected]>
To: Andrew Dunstan <[email protected]>
Cc: Robert Haas <[email protected]>
Cc: Alvaro Herrera <[email protected]>
Cc: Volker Aßmann <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: Disabling trust/ident authentication configure option
Date: Wed, 06 May 2015 15:41:28 -0700
Message-ID: <[email protected]> (raw)
In-Reply-To: <WM!166b48023e720856eea587c0ad127e5181882abf659ccd483360b19f27293d1addb1d058c6dbdafcbaa946420b35a64b!@asav-3.01.com>
References: <[email protected]>
<CA+Tgmobjmp1gDh4eDCSDGMpBF2rPph80108hXWgT7DStcxQb9g@mail.gmail.com>
<CAJBpAdwvUaK55HCB8FEkzt2GO5cMvwcPmNeqqZThT-=Ra-G6XA@mail.gmail.com>
<CA+TgmoYFWGoZVCRVpgwGYSiZhY9PFkC0mrmnYy3acFJ=aU0eEw@mail.gmail.com>
<[email protected]>
<[email protected]>
<CA+TgmoZMX3FvHnnXcuiTTuh=6WY2uW6=QmRWkkNdUwD1T5Zh6g@mail.gmail.com>
<[email protected]>
<[email protected]>
<WM!166b48023e720856eea587c0ad127e5181882abf659ccd483360b19f27293d1addb1d058c6dbdafcbaa946420b35a64b!@asav-3.01.com>
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgsql-hackers>
On 05/06/2015 02:13 PM, Tom Lane wrote:
> Andrew Dunstan <[email protected]> writes:
>> (Personally I think there's a very good case for completely ripping out
>> RFC1413 ident auth. I've not seen it used in a great long while, and
>> it's always been a security risk.)
>
> FWIW, I agree with that --- or at least making it a not-built-by-default
> option.
I have seen it in the last year, actually, but only once, which even for
my personal pool represents < 1% usage. So ...
> Probably the right time to make any such changes is at the same time
> we add the proposed more-secure-than-MD5 password option.
+1 to kill off ident when we replace MD5, since users will need to be
beaten over the head about changes to auth methods anyway.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
view thread (62+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Disabling trust/ident authentication configure option
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox