Tom Lane wrote: > Robert Treat <[EMAIL PROTECTED]> writes: >> Did you mean s/trust/ident/g, otherwise I don't think I understand the >> above... > > Both trust and ident local auth are sources of risk for this, although > ident is particularly nasty since the DBA probably thinks he's being > secure. > > For that matter, I'm not sure that *any* auth method except password > offers much security against the problem; don't LDAP and Kerberos > likewise rely mostly on process-level identity? And possibly PAM > depending on which PAM plugin you're using?
LDAP is not affected - it requires the user to enter a password. Same would be for any PAM plugins that actually require the user to enter a password, I think. Kerberos is not affected either, because the server does not get a copy of the ticket. In theory it could be affected if the server requested a delegation enabled ticket, and exported it so it could be used, but none of these are done. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings
