Change the defaults for the pg_hba.conf generated by initdb to "peer"
for local (if supported, else "md5") and "md5" for host.
(Changing from "md5" to SCRAM is left as a separate exercise.)
"peer" is currently not supported on AIX, HP-UX, and Windows. Users
on those operating systems will now either have to provide a password
to initdb or choose a different authentication method when running
initdb.
Reviewed-by: Julien Rouhaud <rjuju123@gmail.com>
Discussion: https://www.postgresql.org/message-id/flat/
bec17f0a-ddb1-8b95-5e69-
368d9d0a3390%40postgresql.org
replication connections.
</para>
+ <para>
+ The default is <literal>peer</literal> for Unix-domain socket
+ connections on operating systems that support it, otherwise
+ <literal>md5</literal>, and <literal>md5</literal> for TCP/IP
+ connections.
+ </para>
+
+ <para>
+ When running <command>initdb</command> on a platform that does not
+ support <literal>peer</literal> authentication, either a password must
+ be provided (see <option>-W</option> and other options) or a different
+ authentication method must be chosen, otherwise
+ <command>initdb</command> will error.
+ </para>
+
<para>
Do not use <literal>trust</literal> unless you trust all local users on your
- system. <literal>trust</literal> is the default for ease of installation.
+ system.
</para>
</listitem>
</varlistentry>
</para>
<para>
- However, while the directory contents are secure, the default
- client authentication setup allows any local user to connect to the
- database and even become the database superuser. If you do not
- trust other local users, we recommend you use one of
+ The default client authentication setup is such that users can connect over
+ the Unix-domain socket to the same database user name as their operating
+ system user names (on operating systems that support this, which are most
+ modern Unix-like systems, but not Windows) and otherwise with a password.
+ To assign a password to the initial database superuser, use one of
<command>initdb</command>'s <option>-W</option>, <option>--pwprompt</option>
- or <option>--pwfile</option> options to assign a password to the
- database superuser.<indexterm>
+ or <option>--pwfile</option> options.<indexterm>
<primary>password</primary>
<secondary>of the superuser</secondary>
</indexterm>
- Also, specify <option>-A md5</option> or
- <option>-A password</option> so that the default <literal>trust</literal> authentication
- mode is not used; or modify the generated <filename>pg_hba.conf</filename>
- file after running <command>initdb</command>, but
- <emphasis>before</emphasis> you start the server for the first time. (Other
- reasonable approaches include using <literal>peer</literal> authentication
- or file system permissions to restrict connections. See <xref
- linkend="client-authentication"/> for more information.)
+ This configuration is secure and sufficient to get started. Later, see
+ <xref linkend="client-authentication"/> for more information about setting
+ up client authentication.
</para>
<para>
</para>
</step>
- <step>
- <para>
- At this point, if you did not use the <command>initdb</command> <literal>-A</literal>
- option, you might want to modify <filename>pg_hba.conf</filename> to control
- local access to the server before you start it. The default is to
- trust all local users.
- </para>
- </step>
-
<step>
<para>
The previous <command>initdb</command> step should have told you how to
"# allows any local user to connect as any PostgreSQL user, including\n" \
"# the database superuser. If you do not trust all your local users,\n" \
"# use another authentication method.\n"
-static bool authwarning = false;
/*
* Centralized knowledge of switches to pass to backend
printf(_("\nReport bugs to <pgsql-bugs@lists.postgresql.org>.\n"));
}
-static void
-check_authmethod_unspecified(const char **authmethod)
-{
- if (*authmethod == NULL)
- {
- authwarning = true;
- *authmethod = "trust";
- }
-}
-
static void
check_authmethod_valid(const char *authmethod, const char *const *valid_methods, const char *conntype)
{
exit(1);
}
- check_authmethod_unspecified(&authmethodlocal);
- check_authmethod_unspecified(&authmethodhost);
+ if (authmethodlocal == NULL)
+ {
+#ifdef HAVE_AUTH_PEER
+ authmethodlocal = "peer";
+#else
+ authmethodlocal = "md5";
+#endif
+ }
+ if (authmethodhost == NULL)
+ authmethodhost = "md5";
check_authmethod_valid(authmethodlocal, auth_methods_local, "local");
check_authmethod_valid(authmethodhost, auth_methods_host, "host");
else
printf(_("\nSync to disk skipped.\nThe data directory might become corrupt if the operating system crashes.\n"));
- if (authwarning)
- {
- printf("\n");
- pg_log_warning("enabling \"trust\" authentication for local connections");
- fprintf(stderr, _("You can change this by editing pg_hba.conf or using the option -A, or\n"
- "--auth-local and --auth-host, the next time you run initdb.\n"));
- }
-
/*
* Build up a shell command to tell the user how to start the server
*/
extern int getpeereid(int sock, uid_t *uid, gid_t *gid);
#endif
+/* must match src/port/getpeereid.c */
+#if defined(HAVE_GETPEEREID) || defined(SO_PEERCRED) || defined(LOCAL_PEERCRED) || defined(HAVE_GETPEERUCRED)
+#define HAVE_AUTH_PEER 1
+#endif
+
#ifndef HAVE_ISINF
extern int isinf(double x);
#else
/* initdb */
header(_("initializing database system"));
snprintf(buf, sizeof(buf),
- "\"%s%sinitdb\" -D \"%s/data\" --no-clean --no-sync%s%s > \"%s/log/initdb.log\" 2>&1",
+ "\"%s%sinitdb\" -D \"%s/data\" -A trust --no-clean --no-sync%s%s > \"%s/log/initdb.log\" 2>&1",
bindir ? bindir : "",
bindir ? "/" : "",
temp_instance,
projects / postgresql.git / commitdiff