[Bucardo-general] peer authentication

David Christensen david at endpoint.com
Mon Jul 20 02:25:34 UTC 2020


> On Jul 18, 2020, at 6:40 PM, Computerisms Corporation <bob at computerisms.ca> wrote:
> 
> Hi Folks,
> 
> so I get the impression that bucardo is really meant to run in a password only authentication scheme, but I haven't read any where that peer/ident won't work, and they are listed on the old wiki pages as options.
> 
> I get that I need passwords for remote connections, but I would much prefer if local connections could use peer authentication instead of md5, mostly because I intend to try scripting things for future usage and would avoid more passwords than necessary involved in said script.

Hi Bob,

You should be able to adjust how your local PostgreSQL cluster authenticates (md5 vs peer vs trust, etc) via the pg_hba.conf.

The main thing that is throwing you for a loop currently is there are actually two separate types of connections that are made here: ones from the `bucardo` command-line script, which are made from the user account you run with (so often the “bucardo” user), and ones made from the plperl functions inside the database, which will run with the permissions of the “postgres” user.

I recommend instead of trying to bypass the auth type just using a .pgpass file to store the credentials for the bucardo user, and including that in both ~postgres and ~bucardo (or whatever user is running the `bucardo` control script.

HTH,

David
--
David Christensen
Senior Software and Database Engineer
End Point Corporation
david at endpoint.com
785-727-1171



--
David Christensen
Senior Software and Database Engineer
End Point Corporation
david at endpoint.com
785-727-1171


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://bucardo.org/pipermail/bucardo-general/attachments/20200719/9cc3191f/attachment.sig>


More information about the Bucardo-general mailing list