From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 28 18:25:37 2019 Received: (at 36191) by debbugs.gnu.org; 28 Jun 2019 22:25:37 +0000 Received: from localhost ([127.0.0.1]:43141 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hgzJJ-0006TQ-EQ for submit@debbugs.gnu.org; Fri, 28 Jun 2019 18:25:37 -0400 Received: from mira.cbaines.net ([212.71.252.8]:33844) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hgzJH-0006TG-43 for 36191@debbugs.gnu.org; Fri, 28 Jun 2019 18:25:36 -0400 Received: from localhost (cpc102582-walt20-2-0-cust14.13-2.cable.virginm.net [86.27.34.15]) by mira.cbaines.net (Postfix) with ESMTPSA id 7557417108; Fri, 28 Jun 2019 23:25:31 +0100 (BST) Received: from capella (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 7d5c989d; Fri, 28 Jun 2019 22:25:31 +0000 (UTC) References: <20190613135037.10645-1-rob@vllmrt.net> <874l4dlll0.fsf@gnu.org> User-agent: mu4e 1.2.0; emacs 26.2 From: Christopher Baines To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#36191] [PATCH] gnu: postgres service: More secure default permissions. In-reply-to: <874l4dlll0.fsf@gnu.org> Date: Fri, 28 Jun 2019 23:25:31 +0100 Message-ID: <871rzdmjok.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 36191 Cc: 36191@debbugs.gnu.org, Robert Vollmert X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > Hello, > > Robert Vollmert skribis: > >> This changes to 'peer' authentication for local socket connections, >> and password-based authentication for local network connections. >> >> * gnu/services/databases.scm (%default-postgres-hba): Change >> authentication method. > > That sounds reasonable to me. Chris, WDYT? I'm definitely no authority on PostgreSQL authentication, but this sounds sensible to me. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl0Wk9tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XcG8BAAua1MZ3iO/lBa4lHEaUSgZsYljdSbWdnNkvQnGrKGqfIPxfO3r/VD6FeX wp9pclj0az0Hm5RsQ1tFffooUY8CdEi/oTw4Jxk/9uEArC2JKsd4vgSsLgXtpaut uaS2tlGI2OoHuy27O3tDYigYsg54T7cID6ZEOfj6l54RZiTei1wWLMwEj4CNIQi/ JKqQJoY/A0MVatUWoqxgniGG4uiFVVD2ZAkXk0S/gWmqS1VcPma02TLLhV/h21Ng DhVaO2ltJsX0RGHJ7SDybNbXHs6Qf6fewS36CkTN8C6Xgds717ohELXlTCnzBnQh bypVBM7kHL+l5q3k3NLsALWFHkpeUzV4cABpUkcYaR72nIHdkxoy+snIGwFEKJst LiE1U5FgNvtWinT7f7BXSE4BWf+tR6uhyoeuqaLJM7kcwDqK8rPnjm6YoCKT6AO8 66T2QY/paQQHvb0NWHUh7DbBbq1P+E9t5MuKyZ4E3Bp1+nHrr4ESRvXKKsAusjzs ivWy/aYVRURYyudryfIp2JpcKktjh05dvfD6srld87FcTGqncIMQXQB29AQDOG7Y kLehHIWijKFrIpxdapl2VOEJPCgUrZ3qA/A4xSLXw59lMpfczKmM6J/L0kW5GPw+ SbB30ALaKUxbMBWqieFA8mabWXobs/6hwU7nC/ZMHqrsthW+R0g= =klXG -----END PGP SIGNATURE----- --=-=-=--