@tjdett
Created August 28, 2012 00:04
Postgres and Identd on Fedora 17 - HOW-TO

Why?

Most commonly because you'd like to use JDBC to connect to your local Postgres server without using password auth. Very quickly you'll realise Unix sockets aren't supported in Java, so you can't use peer authentication.

How?

First, ensure your /var/lib/pgsql/pg_hba.conf uses ident for TCP/IP connections:

# IPv4 local connections:
host    all             all             127.0.0.1/32            ident
# IPv6 local connections:
host    all             all             ::1/128                 ident

Install oidentd using yum:

yum install oidentd -y

Alter /etc/sysconfig/oidentd to force it to listen on IPv6 (using ::):

# Oidentd startup options. See oidentd(8) man page for a complete list.
OIDENTD_OPTIONS="-a :: -u nobody -g nobody"

For use of identd outside of your network, it's probably best to also have some sensible defaults in /etc/oidentd.conf:

default {
  default {
    # Users may not spoof their ID
    deny spoof
    deny spoof_all
    deny spoof_privport
    # They may however opt to hide it or use a random numeric
    allow random_numeric
    allow numeric
    allow hide
  }
}
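
Ident authentication trusts whatever the client machine's ident server reports, so the pg_hba.conf rules above are only safe while they stay limited to 127.0.0.1/32 and ::1/128. The following check is an added example, not part of the original gist: `audit_ident_hba` (a hypothetical helper name) lists any TCP/IP rule that uses ident for a non-loopback address. It assumes only literal loopback addresses count as local, so hostnames and keywords such as samehost are reported for manual review.

```shell
#!/bin/sh
# Added example (not from the original gist). audit_ident_hba is a
# hypothetical helper name. It prints every TCP/IP rule in a pg_hba.conf
# file that uses "ident" for a non-loopback address, prefixed with its
# line number, and returns 1 if any such rule exists.
audit_ident_hba() {
  awk '
    function is_loopback(a, m,   p) {
      if (a == "::1/128") return 1
      if (m == "" && split(a, p, "/") == 2)
        return (p[1] ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ && p[2] + 0 >= 8)
      # address + netmask form: accept only a single 127.x.x.x host
      return (a ~ /^127\./ && m == "255.255.255.255")
    }
    # Skip blank lines and comments
    NF == 0 || $1 ~ /^#/ { next }
    # Only host, hostssl, hostnossl ...; on "local" lines ident means peer
    $1 !~ /^host/ { next }
    {
      # Rules are "type db user addr/len method" or
      # "type db user addr netmask method"
      if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) { mask = $5; method = $6 }
      else { mask = ""; method = $5 }
      if (method != "ident" || is_loopback($4, mask)) next
      printf "%d: %s\n", NR, $0
      bad = 1
    }
    END { exit bad + 0 }
  ' "$1"
}

# Usage (script file name is hypothetical):
#   sh audit_ident.sh /var/lib/pgsql/pg_hba.conf
if [ "$#" -gt 0 ]; then
  audit_ident_hba "$1"
fi
```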