Saturday, July 5, 2008

Re: [PATCHES] [HACKERS] Solaris ident authentication using unix domain sockets

Robert Treat wrote:
> On Thursday 03 July 2008 14:01:22 Tom Lane wrote:
>
>> Garick Hamlin <ghamlin@isc.upenn.edu> writes:
>>
>>> I have a patch that I have been using to support postgresql's
>>> notion of ident authentication when using unix domain sockets on
>>> Solaris. This patch basically just adds support for using
>>> getupeercred() on Solaris so unix sockets and ident auth works just
>>> like it does on Linux and elsewhere.
>>>
>> Cool.
>>
>>
>
> Hmm... I've always been told that Solaris didn't support this because the
> Solaris developers feel that IDENT is inherently insecure. If that is more
> than just a philosphical opinion, I wonder if there should be additional
> hurdles in place to enable this on that platform. Note that isn't an
> objection from me, though I'm curious if any of the Sun guys want to chime in
> on this.
>
>


We don't actually use the Ident protocol for Unix sockets on any
platform. AIUI, this patch just implements what we do on platforms like
Linux or *BSD.

cheers

andrew

--
Sent via pgsql-patches mailing list (pgsql-patches@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-patches

No comments: