On Wed, Jan 08, 2020 at 02:53:47AM +0000, tsunakawa.ta...@fujitsu.com wrote: > From: David Fetter <da...@fetter.org> > > > But I see two problems with the proposed approach: (1) initdb > > > doesn't support setting up SSL, so the only thing you can achieve > > > here is to reject all TCP/IP connections, until you have set up SSL. > > > > I don't believe any special setup is needed to require TLS for the > > connection, which is what this patch handles in a straightforward way. > > I think this feature can be useful because it's common to reject remote > non-TLS connections. Eliminating the need to script for pg_hba.conf is > welcome. Setting GUC parameters just after initdb is relatively easy, > because we can simply add lines at the end of postgresql.conf. But > pg_hba.conf is not because the first matching entry is effective. > > In terms of rejecting non-secure remote connections, should > hostgssenc/hostnogssenc also be handled similarly?
Yes, and they are in the enclosed patch. > > > (2) The default pg_hba.conf only covers localhost connections. > > > > As of this patch, it can be asked to cover all connections. > > + <term><option>--auth-hostssl=<replaceable > class="parameter">authmethod</replaceable></option></term> > + <listitem> > + <para> > + This option specifies the authentication method for users via > fg > + TLS connections used in <filename>pg_hba.conf</filename> > + (<literal>hostssl</literal> lines). > + </para> > + </listitem> > > The relationship between --auth/--auth-local/--auth-host and > --auth-hostssl/--auth-hostnossl is confusing. The former is for local > connections, and the latter is for remote ones. Can we just add "remote" in > the above documentation? Done. > Plus, you're adding the first option to initdb that handles remote > connections. As the following execution shows, it doesn't warn about using > "trust" for remote connections. > > > $ initdb --auth=md5 --pwprompt --auth-hostssl=trust --auth-hostnossl=trust > ... > syncing data to disk ... ok > > Success. You can now start the database server using: > > pg_ctl -D /tuna/pg2 -l logfile start > > > > I think we should emit a warning message like the following existing one: > > -------------------------------------------------- > initdb: warning: enabling "trust" authentication for local connections > You can change this by editing pg_hba.conf or using the option -A, or > --auth-local and --auth-host, the next time you run initdb. > - > initdb: warning: enabling "trust" authentication Done. Best, David. -- David Fetter <david(at)fetter(dot)org> http://fetter.org/ Phone: +1 415 235 3778 Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate
