Re: Postgres and Kerberos, take III

agora inbox for postgres@postgres.berkeley.edu  
help / color / mirror / Atom feed

From: Paul M. Aoki <aoki@cs.berkeley.edu>
To: Michael Graff <explorer@iastate.edu>
Cc: postgres@postgres.Berkeley.EDU
Subject: Re: Postgres and Kerberos, take III
Date: Tue, 29 Nov 94 02:14:50 -0800
Message-ID: <199411291014.CAA01246@herland.CS.Berkeley.EDU> (raw)
In-Reply-To: <9411240430.AA20439@tbird.cc.iastate.edu>

"Michael Graff" <explorer@iastate.edu> writes:
>     means the initial postgres superuser will need to change depending on
>     who is installing it.  I think I can do that by munging the line in
>     global1.bki, right?
> 	Change
> 		insert OID = 0 ( postgres PGUID t t t t )
> 	to
> 		insert OID = 0 ( USER USERUID t t t t )

there are instances of PGUID in local1_template1.bki as well (for
indicating the ownership of the base types, functions, etc.).

> 2)  Have no need to make a postgres kerberos instance.  Doing so with goal #1
>     would make kerberos authentication pointless because the postgres password
>     would need to be widely known, and if anyone can become postgres, anyone
>     can be a superuser, more or less.

if there is no "postgres" user registered in pg_user, you shouldn't
have any need for a kerberos entry for "postgres".
--
  Paul M. Aoki          |  University of California at Berkeley
  aoki@CS.Berkeley.EDU  |  Dept. of EECS, Computer Science Division (#1776) 
                        |  Berkeley, CA 94720-1776

==============================================================================
   To add/remove yourself to/from the POSTGRES mailing list: send mail with 
   the subject line ADD or DEL to "postgres-request@postgres.Berkeley.EDU".
   If this fails, send mail to "post_questions@postgres.Berkeley.EDU" and
   a human will deal with it.  DO NOT post to the "postgres" mailing list.
==============================================================================
              URL: http://s2k-ftp.CS.Berkeley.EDU:8000/postgres/

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: postgres@postgres.berkeley.edu
  Cc: aoki@cs.berkeley.edu, explorer@iastate.edu
  Subject: Re: Postgres and Kerberos, take III
  In-Reply-To: <199411291014.CAA01246@herland.CS.Berkeley.EDU>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox