gnu: postgres service: More secure default permissions.

This changes to 'peer' authentication for local socket connections,
and password-based authentication for local network connections.

* gnu/services/databases.scm (%default-postgres-hba): Change
authentication method.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
Robert Vollmert 2019-06-13 15:50:37 +02:00 committed by Ludovic Courtès
parent 9616b81e98
commit 334a2f4def
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
1 changed files with 4 additions and 3 deletions

View File

@ -5,6 +5,7 @@
;;; Copyright © 2017 Christopher Baines <mail@cbaines.net> ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2018 Julien Lepiller <julien@lepiller.eu> ;;; Copyright © 2018 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2019 Robert Vollmert <rob@vllmrt.net>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -91,9 +92,9 @@
(define %default-postgres-hba (define %default-postgres-hba
(plain-file "pg_hba.conf" (plain-file "pg_hba.conf"
" "
local all all trust local all all peer
host all all 127.0.0.1/32 trust host all all 127.0.0.1/32 md5
host all all ::1/128 trust")) host all all ::1/128 md5"))
(define %default-postgres-ident (define %default-postgres-ident
(plain-file "pg_ident.conf" (plain-file "pg_ident.conf"