Re: lug-bg: PostgreSQL
- Subject: Re: lug-bg: PostgreSQL
- From: danchev@xxxxxxxxx (George Danchev)
- Date: Wed, 23 Jan 2002 16:20:43 +0200
On Wednesday 23 January 2002 14:08, you wrote:
> Kakvo obache za secure -to na db?
> kato obiknoven user v linux -a kato exportnesh PGUSER=rootpostgre (ako taka
> se kazva user -a na postgreto da rechem) i to si te logva kato svetaq
> svetih v bazata. Ako li pyk slozha paroli - kato rootpostgre nemoga da se
> logna posmyrtno. Kyde e debelata tynkost, koqto mi e izbegnala ot pogleda?
Primer:
v pg_hba.conf
-----------------
#TYPE DB IP MASK AUTHTYPE AUTH_ARGUMENT
local all crypt
host all 127.0.0.1 255.0.0.0 crypt auth.arg
Ako nqma AUTH_ARGUMENT togava se demona gleda za pass-a v "pg_shadow".
A ako ima AUTH_ARGUMENT - da kazhem file-a auth.arg v $PGDATA dir-a (export
PGDATA=/var/lib/postgres/data ili tam kydeto ti e) . T.e. s:
pg_passwd /var/lib/postgres/data/auth.arg
pg_ctl restart
export PGUSER=kakvoto_si_stesh
psql ...... da vidish kon bob qde li :)
mnogo zavisi kak si zadal da se auth-va tozi "rootpostgre", vizh kakvo to4no
imash v pg_hba.conf za record TYPE (local, host, hostssl - pri poslednite dve
trqbva da poso4ish i -h host kogato se connectvash kym demona) , zavisi i
kakvi AUTHTYPE i AUTH_ARGUMENT ili MAP si zadal.
Imaj predvid 4e ima nqkoj ograni4eniq za AUTHTYPE:
za TYPE "local" mozhe AUTHTYPEs- trust, password, crypt, reject, peer (za
peer imashe nqkakvi ograni4eniq ot OS-a, no mislq 4e Linux ne go pozvolqva)
za TYPE "host" i "hostssl" (poslednoto ako PostgreSQL e kompiliran s SSL
support) mozhe AUTHTYPEs - trust, password, crypt, ident, krb4 i krb5 (ako
PostgreSQL e kompiliran s Kerberos authntication support), no bez _peer_.
--
Greets,
fr33zb1
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|