public inbox for [email protected]
help / color / mirror / Atom feedFrom: James Cassell <[email protected]>
To: PostgreSQL Yum Package List <[email protected]>
Subject: Re: Can we stop defaulting to 'ident'?
Date: Thu, 19 Dec 2019 16:07:47 -0500
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <CAMsr+YFCuBGWh4=aM-K2LCsBEwcrqm=pphKKHEH09vHwXcspow@mail.gmail.com>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
Hi,
On Thu, Dec 19, 2019, at 12:32 PM, Stephen Frost wrote:
> Greetings,
>
> * James Cassell wrote:
> > Peer does not work with TCP connections, and I haven't figured how to get,e.g., third-party Java applications working without TCP.
>
> The entire point of peer was to segregate the very insecure 'ident' from
> the actually quite secure 'peer' auth, so, no, it's not going to work
> over TCP connections- that's more-or-less the point.
>
I fail to see how ident over TCP is insecure when used on the localhost address. Can you explain? Otherwise, is there a way to make peer authentication work with TCP connections?
V/r,
James Cassell
view thread (54+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Can we stop defaulting to 'ident'?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox