In-Reply-To: <20191219173228.GF3195@tamriel.snowman.net>
References: <83bdce65-302f-49ef-828a-3831fe11d904@www.fastmail.com> <20191219165719.GC3195@tamriel.snowman.net> <02c6c7de-e2e2-48cd-94e7-7d65b7196ca5@www.fastmail.com> <20191219173228.GF3195@tamriel.snowman.net>
Date: Thu, 19 Dec 2019 16:07:47 -0500
From: "James Cassell"
To: "PostgreSQL Yum Package List"
Subject: Re: Can we stop defaulting to 'ident'?

Hi,

On Thu, Dec 19, 2019, at 12:32 PM, Stephen Frost wrote:
> Greetings,
>
> * James Cassell wrote:
> > Peer does not work with TCP connections, and I haven't figured how to get, e.g., third-party Java applications working without TCP.
>
> The entire point of peer was to segregate the very insecure 'ident' from
> the actually quite secure 'peer' auth, so, no, it's not going to work
> over TCP connections- that's more-or-less the point.
>

I fail to see how ident over TCP is insecure when used on the localhost address. Can you explain? Otherwise, is there a way to make peer authentication work with TCP connections?

V/r,
James Cassell
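
For the peer/ident distinction discussed in this thread, an added example (not part of the original message or of the PostgreSQL packaging): a small Python check that reads pg_hba.conf rules and marks where ident applies to a TCP rule, where ident on a `local` rule is handled as peer, and where peer is invalid. The sample rules and the names `SAMPLE_HBA`, `TCP_TYPES` and `audit_hba` are constructed for illustration.

```python
import shlex

# Constructed sample rules for illustration; not from any real package.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
local   all       all                  ident
host    all       all   127.0.0.1/32   ident
host    all       all   ::1/128        scram-sha-256
host    app       app   10.0.0.0 255.255.255.0 ident map=appmap
"""

TCP_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}


def audit_hba(text):
    """Return (line_number, record_type, method, finding) per rule."""
    results = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments
        if not fields:
            continue
        rtype = fields[0]
        if rtype != "local" and rtype not in TCP_TYPES:
            results.append((lineno, rtype, None, "unrecognized record type"))
            continue
        try:
            if rtype == "local":
                method = fields[3]  # local rules have no ADDRESS column
            else:
                # ADDRESS is one field (CIDR, hostname, keyword) or an IP
                # address plus a separate netmask field. Auth options are
                # always name=value, so a sixth field without '=' means
                # the netmask form is in use.
                split_mask = ("/" not in fields[3] and len(fields) > 5
                              and "=" not in fields[5])
                method = fields[5] if split_mask else fields[4]
        except IndexError:
            results.append((lineno, rtype, None, "malformed rule"))
            continue
        if method == "ident":
            finding = ("ident on local is handled as peer" if rtype == "local"
                       else "ident over TCP: asks the client host's ident server")
        elif method == "peer":
            finding = ("peer on Unix socket" if rtype == "local"
                       else "invalid: peer works only on local connections")
        else:
            finding = "other method, not assessed"
        results.append((lineno, rtype, method, finding))
    return results
```

Calling `audit_hba(open(path).read())` on a real file works the same way; `include` directives are reported as unrecognized record types rather than followed.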