Caleb Cushing's Blog Also known as XenoTerraCide
Posts with the tag authentication:

PostgreSQL initial setup (authentication) Part 2

| 265 words | authentication postgresql
I ran into so problems and lack of information with my last post on this topic. Firstly my syntax for local all all to local all all ident devel doesn’t seem to work in my current setup. It’s possible that it has something to do with the configuration of the Debian/Ubuntu server I was basing that against, and now my targets are Arch Linux and Slackware. So our goal here will be to provide an alternate user that can log in as postgres via ident.
 READ MORE 

Bypassing disabled accounts with KDM

| 217 words | Arch security authentication kdm pam accounts hall of shame kde kde4
So the most common way of disabling an account in a unix system is changing the users shell in /etc/passwd to /bin/false or /sbin/nologin. However, I’ve discovered on Arch Linux that if I do this only shell login’s are disabled, I was still able to log the user in with gui via kdm. I also tried using usermod –expiredate 1. this was not effective either however. the only way I found to lock the account from kdm login was to do a passwd -l accountname, which only locks password authentication.
 READ MORE 

PostgreSQL initial setup (authentication)

| 321 words | database security authentication postgresql
If you followed my last initial setuppost on creating users and are running a default install of postgres you currently should be able to access the database on your cli. However, many distributions do not install postgres in a default manner. A great many distributions make the default authentication for sockets ident sameuser. This is technically much more secure than trustwhich is the default. However, you may find yourself locked out of your database on the local cli if you make the database name different.
 READ MORE 

More Security = Better. Wrong!

| 523 words | security authentication passwords postgresql
So I just had a discussion on #ubuntu-server on freenode about why my not having a password to connect to postgresql via a socket (read local cli) is insecure. So I asked them, how exactly is it that someone is going to get this access? The answer “there are bad people on the Internet”. I’m sure many people right now are agreeing with them and thinking I’m crazy. Let’s discuss my setup though shall we.
 READ MORE