2018-07-13 15:19 GMT+02:00 Fabrízio de Royes Mello <fabri...@timbira.com.br> :
> > 2018-07-13 9:01 GMT-03:00 Guillaume Lelarge <guilla...@lelarge.info>: > >> 2018-07-13 13:57 GMT+02:00 <kpi6...@gmail.com>: >> >>> I’d like to disable the TRUST authentication method for certain servers >>> where modification of pg_hba.conf and restarting a service is fairly easy >>> for a number of users. >>> >>> >>> >>> I looked at this example https://wiki.postgresql.org/im >>> ages/e/e3/Hooks_in_postgresql.pdf It appears that creating a >>> ClientAuthentication_hook and call ereport(ERROR) in case that >>> Port->HbaLine contains TRUST would do the job. Is that right? >>> >>> >>> >>> I am aware that this would not make the server entirely secure but it >>> would make it at least a bit more difficult to enter. >>> >>> >>> >> >> I'm not sure this is such a good idea. You may need the trust >> authentication method, for example if you forgot the superuser password. >> Otherwise, there's good chance you might use the ClientAuthentication hook >> to do what you want. >> >> >> > If you're an server admin you can disable the extension (editing > shared_pre_load_libraries GUC), change password and then enable the > extension again... > > That would require a restart. And maybe you can implement a simple way to enable/disable this hook inside > the extension. > > That looks like a better idea. -- Guillaume.
