Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256)
	(Exim 4.89)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1ihzf6-0001tw-K9
	for pgsql-pkg-yum@arkaria.postgresql.org; Thu, 19 Dec 2019 17:32:32 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.89)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1ihzf5-0006p3-EP
	for pgsql-pkg-yum@arkaria.postgresql.org; Thu, 19 Dec 2019 17:32:31 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256)
	(Exim 4.89)
	(envelope-from <sfrost@tamriel.snowman.net>)
	id 1ihzf5-0006ot-42
	for pgsql-pkg-yum@lists.postgresql.org; Thu, 19 Dec 2019 17:32:31 +0000
Received: from tamriel.snowman.net ([96.255.250.162])
	by makus.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <sfrost@tamriel.snowman.net>)
	id 1ihzf2-00059j-PC
	for pgsql-pkg-yum@lists.postgresql.org; Thu, 19 Dec 2019 17:32:29 +0000
Received: by tamriel.snowman.net (Postfix, from userid 1000)
	id 350EE5F799; Thu, 19 Dec 2019 12:32:28 -0500 (EST)
Date: Thu, 19 Dec 2019 12:32:28 -0500
From: Stephen Frost <sfrost@snowman.net>
To: James Cassell <fedoraproject@cyberpear.com>
Cc: PostgreSQL Yum Package List <pgsql-pkg-yum@lists.postgresql.org>
Subject: Re: Can we stop defaulting to 'ident'?
Message-ID: <20191219173228.GF3195@tamriel.snowman.net>
References: 
 <CAMsr+YFCuBGWh4=aM-K2LCsBEwcrqm=pphKKHEH09vHwXcspow@mail.gmail.com>
 <83bdce65-302f-49ef-828a-3831fe11d904@www.fastmail.com>
 <20191219165719.GC3195@tamriel.snowman.net>
 <02c6c7de-e2e2-48cd-94e7-7d65b7196ca5@www.fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="FKNvYlRPwIaB7a7A"
Content-Disposition: inline
In-Reply-To: <02c6c7de-e2e2-48cd-94e7-7d65b7196ca5@www.fastmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
List-Id: <pgsql-pkg-yum.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-yum@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-yum-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-yum>
Precedence: bulk


--FKNvYlRPwIaB7a7A
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Greetings,

* James Cassell (fedoraproject@cyberpear.com) wrote:
> Peer does not work with TCP connections, and I haven't figured how to get,e.g., third-party Java applications working without TCP.

The entire point of peer was to segregate the very insecure 'ident' from
the actually quite secure 'peer' auth, so, no, it's not going to work
over TCP connections- that's more-or-less the point.

Regarding a JDBC connection, you can pass in a "socketFactory", as I
understand it (though I'm no JDBC expert, I'd suggest you address issues
you have with that to the JDBC list):

https://jdbc.postgresql.org/documentation/head/connect.html

Thanks,

Stephen

--FKNvYlRPwIaB7a7A
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJd+7QrAAoJEO1sijiDR2RVLOIP/iWvI5coPhHLN6D/CedkBhu7
U5rm1jnaHgARR03zHWZqStBSlcpwkTUiV3leHjYcTsrikOovGVhlVMaMwBZIwg3r
898eOeXk8YmvPqvAiFnJY4wOrI1MQKtUv2e8cNZnvN7bBKjqvzMnIMj8oh1lbxEj
WvFUzPUO/XDoEDPSfXKFtgJo2eptAvHuCohxt0VqqpPr9MjOpEz57i8JVKT4YZ9P
vMVQCw838A6t+RJd4sxQAzPakgK4xLGoTQgy1RZKysuaYy4uTsiNzfoQ5kku6pCp
O8u2xanEgH/Bh2fFaE0SRuUijs76ohWhfME/2E2kAlb4XwzNf4R1lWcIPvLCC+LW
YVF63+OFDc56Lut4HJpb3A2TK+Cd2FPHgxU+ja4mgZA56ft5j5jS4pT/l8k0+aXz
zehy3ZMCF9eV/rhNdyZzeQuAzThTsdYWwXxAmvaxtFcfhC6GMLY+GBfRD2GnJXbC
12emDmQAivkMXM3iBeYDuYb9P0XtYyF3vb/vBSvQKMKeLqCwR/I7V+8cGkZupMtj
OZwIHuvIlWx32whRqoWkn9bt5mvFnR5xt0UvbA8qBwL15CtG4iovYWHse6qubiqB
iK3aAc+db6dDsnzK7MFHovIGSEnIOBO1iY0IQ9E+vNfpUEhMBpzSLDHz5+79czPV
iDR2ozKz5Ocu8SU89pCo
=r3Uj
-----END PGP SIGNATURE-----

--FKNvYlRPwIaB7a7A--