agora inbox for postgres@postgres.berkeley.edu
help / color / mirror / Atom feedPostgres and Kerberos, take III
2+ messages / 2 participants
[nested] [flat]
* Postgres and Kerberos, take III
@ 1994-11-23 22:30 Michael Graff <explorer@iastate.edu>
1994-11-29 10:14 ` Re: Postgres and Kerberos, take III Paul M. Aoki <aoki@cs.berkeley.edu>
0 siblings, 1 reply; 2+ messages in thread
From: Michael Graff @ 1994-11-23 22:30 UTC (permalink / raw)
To: legacy
I'm still trying to get a system installed using Kerberos 4 authentication.
Here are my goals. I'm hoping they are all possible. :)
1) Have a standard installation, which will allow multiple installs on
different machines around campus from the same compiled binaries. This
means the initial postgres superuser will need to change depending on
who is installing it. I think I can do that by munging the line in
global1.bki, right?
Change
insert OID = 0 ( postgres PGUID t t t t )
to
insert OID = 0 ( USER USERUID t t t t )
where USER and USERUID are from the person currently running
the initdb script (or a wrapper around initdb, or something)
2) Have no need to make a postgres kerberos instance. Doing so with goal #1
would make kerberos authentication pointless because the postgres password
would need to be widely known, and if anyone can become postgres, anyone
can be a superuser, more or less.
3) Not have anything go wrong. *wishes* ;)
Is my strategy on #1 at least close to correct?
--Michael
--
Michael Graff Iowa State University Computation Center Project Vincent
215 Durham voice: (515) 294-4994 explorer@iastate.edu
Ames, IA 50011 fax: (515) 294-1717 gg.mlg@isumvs.bitnet
==============================================================================
To add/remove yourself to/from the POSTGRES mailing list: send mail with
the subject line ADD or DEL to "postgres-request@postgres.Berkeley.EDU".
If this fails, send mail to "post_questions@postgres.Berkeley.EDU" and
a human will deal with it. DO NOT post to the "postgres" mailing list.
==============================================================================
URL: http://s2k-ftp.CS.Berkeley.EDU:8000/postgres/
^ permalink raw reply [nested|flat] 2+ messages in thread
* Re: Postgres and Kerberos, take III
1994-11-23 22:30 Postgres and Kerberos, take III Michael Graff <explorer@iastate.edu>
@ 1994-11-29 10:14 ` Paul M. Aoki <aoki@cs.berkeley.edu>
0 siblings, 0 replies; 2+ messages in thread
From: Paul M. Aoki @ 1994-11-29 10:14 UTC (permalink / raw)
To: Michael Graff <explorer@iastate.edu>; +Cc: legacy
"Michael Graff" <explorer@iastate.edu> writes:
> means the initial postgres superuser will need to change depending on
> who is installing it. I think I can do that by munging the line in
> global1.bki, right?
> Change
> insert OID = 0 ( postgres PGUID t t t t )
> to
> insert OID = 0 ( USER USERUID t t t t )
there are instances of PGUID in local1_template1.bki as well (for
indicating the ownership of the base types, functions, etc.).
> 2) Have no need to make a postgres kerberos instance. Doing so with goal #1
> would make kerberos authentication pointless because the postgres password
> would need to be widely known, and if anyone can become postgres, anyone
> can be a superuser, more or less.
if there is no "postgres" user registered in pg_user, you shouldn't
have any need for a kerberos entry for "postgres".
--
Paul M. Aoki | University of California at Berkeley
aoki@CS.Berkeley.EDU | Dept. of EECS, Computer Science Division (#1776)
| Berkeley, CA 94720-1776
==============================================================================
To add/remove yourself to/from the POSTGRES mailing list: send mail with
the subject line ADD or DEL to "postgres-request@postgres.Berkeley.EDU".
If this fails, send mail to "post_questions@postgres.Berkeley.EDU" and
a human will deal with it. DO NOT post to the "postgres" mailing list.
==============================================================================
URL: http://s2k-ftp.CS.Berkeley.EDU:8000/postgres/
^ permalink raw reply [nested|flat] 2+ messages in thread
end of thread, other threads:[~1994-11-29 10:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
1994-11-23 22:30 Postgres and Kerberos, take III Michael Graff <explorer@iastate.edu>
1994-11-29 10:14 ` Paul M. Aoki <aoki@cs.berkeley.edu>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox