On 1/27/2017 7:03 AM, Wietse Venema wrote: > Jeremy T. Bouse: >>> https://www.postgresql.org/docs/current/static/libpq-pgservice.html >>> https://www.postgresql.org/docs/current/static/libpq-connect.html >>> https://www.postgresql.org/docs/current/static/libpq-pgpass.html >>> >>> I need to test that. >>> >>> Regards, >>> Christoph >> This would seem like a much cleaner and secure means by which to do >> it and provide additional configuration options in the process but I'd >> be curious how it might be affected when using proxy:pgsql:* as well as >> simply pgsql:* mappings. > You could set PGPASSFILE via main.cf:export_environment, and set > permissions (group read for 'postfix'). > > But, there is no need for passwords in main.cf; If you configure > the table as pgsql:/path/to/file, you can reduce access permission > for that file. > > Wietse Wietse,
Are you saying that Postfix will already honor a pgpass file if we
export the filename as PGPASSFILE and specify that using 'postconf -e
export_environment = PGPASSFILE=/path/to/pgpass' ?
What I already have in my existing configuration are a series of
pgsql_*.cf files that follow the syntax like the following for my
virtual alias maps:
user = <DBUSER>
password = <DBPASS>
dbhost = <DBHOST>
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = true
If I could simply create a pgpass file and set PGPASSFILE to point
to it that contains:
<DBHOST>:5432:*:<DBUSER>:<DBPASS>
Then leave out the user and password from the .cf files that would
be precisely the solution I was looking for. Now you mentioned
configuring the table as pgsql:/path/to/file would that also work if
using proxy:pgsql:/path/to/file
smime.p7s
Description: S/MIME Cryptographic Signature
