Re: [PATCHES] [HACKERS] Solaris ident authentication using unix domain sockets

2008-07-09 Thread Josh Berkus
Florian, I'd be *very* interested in how they come to that assessment. I'd have thought that the only alternative to getpeereid/getupeercred is password-based or certificate-based authentication - which seem *less* secure because a) they also rely on the client having the correct uid or gid (to

Re: [PATCHES] [HACKERS] Solaris ident authentication using unix domain sockets

2008-07-08 Thread Josh Berkus
Tom, Indeed. If the Solaris folk feel that getupeercred() is insecure, they had better explain why their kernel is that broken. This is entirely unrelated to the known shortcomings of the ident IP protocol. The Solaris security kernel folks do, actually. However, there's no question

Re: [PATCHES] [HACKERS] Solaris ident authentication using unix domain sockets

2008-07-08 Thread Andrew Dunstan
Josh Berkus wrote: Tom, Indeed. If the Solaris folk feel that getupeercred() is insecure, they had better explain why their kernel is that broken. This is entirely unrelated to the known shortcomings of the ident IP protocol. The Solaris security kernel folks do, actually.

Re: [PATCHES] [HACKERS] Solaris ident authentication using unix domain sockets

2008-07-08 Thread Florian G. Pflug
Josh Berkus wrote: Tom, Indeed. If the Solaris folk feel that getupeercred() is insecure, they had better explain why their kernel is that broken. This is entirely unrelated to the known shortcomings of the ident IP protocol. The Solaris security kernel folks do, actually. However,

Re: [PATCHES] [HACKERS] Solaris ident authentication using unix domain sockets

2008-07-05 Thread Andrew Dunstan
Robert Treat wrote: On Thursday 03 July 2008 14:01:22 Tom Lane wrote: Garick Hamlin writes: I have a patch that I have been using to support postgresql's notion of ident authentication when using unix domain sockets on Solaris. This patch basically just

Re: [PATCHES] [HACKERS] Solaris ident authentication using unix domain sockets

2008-07-05 Thread Tom Lane
Andrew Dunstan writes: Robert Treat wrote: Hmm... I've always been told that Solaris didn't support this because the Solaris developers feel that IDENT is inherently insecure. We don't actually use the Ident protocol for Unix sockets on any platform. Indeed. If the