Return-Path: owner-postman
Received: from localhost.Berkeley.EDU (localhost.Berkeley.EDU [127.0.0.1]) by nobozo.CS.Berkeley.EDU (8.6.9/8.6.3) with SMTP id CAA18808 for postgres-redist; Tue, 29 Nov 1994 02:14:55 -0800
Resent-From: POSTGRES mailing list <postman@postgres.Berkeley.EDU>
Resent-Message-Id: <199411291014.CAA18808@nobozo.CS.Berkeley.EDU>
Sender: owner-postman@postgres.Berkeley.EDU
X-Return-Path: owner-postman
Received: from herland.CS.Berkeley.EDU (herland.CS.Berkeley.EDU [128.32.37.26]) by nobozo.CS.Berkeley.EDU (8.6.9/8.6.3) with ESMTP id CAA18798 for <postgres@postgres.Berkeley.EDU>; Tue, 29 Nov 1994 02:14:54 -0800
Received: from localhost.Berkeley.EDU (localhost.Berkeley.EDU [127.0.0.1]) by herland.CS.Berkeley.EDU (8.6.9/8.6.3) with SMTP id CAA01246; Tue, 29 Nov 1994 02:14:50 -0800
Message-Id: <199411291014.CAA01246@herland.CS.Berkeley.EDU>
X-Authentication-Warning: herland.CS.Berkeley.EDU: Host localhost.Berkeley.EDU didn't use HELO protocol
From: aoki@cs.berkeley.edu (Paul M. Aoki)
To: "Michael Graff" <explorer@iastate.edu>
Cc: postgres@postgres.Berkeley.EDU
Subject: Re: Postgres and Kerberos, take III 
Reply-To: aoki@cs.berkeley.edu (Paul M. Aoki)
In-reply-to: Your message of Wed, 23 Nov 1994 22:30:20 CST 
	     <9411240430.AA20439@tbird.cc.iastate.edu> 
Date: Tue, 29 Nov 94 02:14:50 -0800
X-Sender: aoki@postgres.Berkeley.EDU
Resent-To: postgres-redist@postgres.Berkeley.EDU
X-Mts: smtp
Resent-Date: Tue, 29 Nov 94 02:14:55 -0800
Resent-XMts: smtp

"Michael Graff" <explorer@iastate.edu> writes:
>     means the initial postgres superuser will need to change depending on
>     who is installing it.  I think I can do that by munging the line in
>     global1.bki, right?
> 	Change
> 		insert OID = 0 ( postgres PGUID t t t t )
> 	to
> 		insert OID = 0 ( USER USERUID t t t t )

there are instances of PGUID in local1_template1.bki as well (for
indicating the ownership of the base types, functions, etc.).

> 2)  Have no need to make a postgres kerberos instance.  Doing so with goal #1
>     would make kerberos authentication pointless because the postgres password
>     would need to be widely known, and if anyone can become postgres, anyone
>     can be a superuser, more or less.

if there is no "postgres" user registered in pg_user, you shouldn't
have any need for a kerberos entry for "postgres".
--
  Paul M. Aoki          |  University of California at Berkeley
  aoki@CS.Berkeley.EDU  |  Dept. of EECS, Computer Science Division (#1776) 
                        |  Berkeley, CA 94720-1776

==============================================================================
   To add/remove yourself to/from the POSTGRES mailing list: send mail with 
   the subject line ADD or DEL to "postgres-request@postgres.Berkeley.EDU".
   If this fails, send mail to "post_questions@postgres.Berkeley.EDU" and
   a human will deal with it.  DO NOT post to the "postgres" mailing list.
==============================================================================
              URL: http://s2k-ftp.CS.Berkeley.EDU:8000/postgres/