D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] postgres aaaaaaaarrgh!

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steve Marvell wrote:
| I can't fix this:
|
| Subject: Cron <postgres@xxxxxxxx> if [ -z "`ps --no-headers -C
pg_autovacuum`"
| +-a -x /usr/lib/postgresql/bin/do.maintenance ]; then
| +/usr/lib/postgresql/bin/do.maintenance -a; fi
|
| Password:
| psql: fe_sendauth: no password supplied
| Password:
| psql: fe_sendauth: no password supplied
|
| I've put in the ~postgres/.pgpass file and all sorts.
|
| I've got this in hba_conf
|
| local   all         postgres      password
|
| I don't want to:
|
| a) not do maintenance

You have to do maintainance every 2 billion transactions of so!

| b) change my hba to not use passwords

Why not just trust the postgres user locally, I mean if it is a rogue
process run as this user your database integrity is zero anyway.

I'm don't think requiring a password in a human readable form in a file
somewhere improves the security any, it merely turns the ability to read
a file you shouldn't into the ability to own a database you shouldn't.

I have all non-postgres users requiring a password.

Something like...

local   all     postgres        trust
local  mydatabase   all             password
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCLJEwGFXfHI9FVgYRAkkfAKDQzpK3eP2agZgu2KqX17pDK424FwCffi2h
0Gzaei0atwpAL8SPMLu5OAE=
=iIEd
-----END PGP SIGNATURE-----

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html