[Babase] connecting to psql

Karl O. Pinc babase@www.eco.princeton.edu
Thu, 06 Oct 2005 16:45:18 +0000


On 10/06/2005 11:08:48 AM, Karl O. Pinc wrote:
> 
> On 10/06/2005 10:04:56 AM, Hunter Matthews wrote:
> 
>> 
>> I'm open to suggestions about how to secure user access and still  
>> have
>> a
>> functioning backup system.

Ok, fine.  Here's a better method:

In postgresql.conf do:
listen_addresses = localhost, 127.0.0.2

In pg_hba.conf do:
  host all all 127.0.0.2/32 pam

Configure pam to only allow root, via the pam_rootok module.
  auth required pam_rootok

Have your backup program use the 127.0.0.2 host.

Then pg_hba.conf can do md5 on the local access method.

Karl <kop@meme.com>
Free Software:  "You don't pay back, you pay forward."
                  -- Robert A. Heinlein