diff options
author | Robert Vollmert <rob@vllmrt.net> | 2019-06-13 15:50:37 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2019-07-02 18:33:51 +0200 |
commit | 334a2f4def1d4f9dc37718d847923cd941849607 (patch) | |
tree | 1abc9ae637db2f8e5d5e4c9c6e18afa765f46f56 | |
parent | 9616b81e9861c831159a0e1a5993854b9ad3c3e5 (diff) | |
download | guix-334a2f4def1d4f9dc37718d847923cd941849607.tar guix-334a2f4def1d4f9dc37718d847923cd941849607.tar.gz |
gnu: postgres service: More secure default permissions.
This changes to 'peer' authentication for local socket connections,
and password-based authentication for local network connections.
* gnu/services/databases.scm (%default-postgres-hba): Change
authentication method.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r-- | gnu/services/databases.scm | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 7113f1f2a1..ec31489d48 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net> ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2018 Julien Lepiller <julien@lepiller.eu> +;;; Copyright © 2019 Robert Vollmert <rob@vllmrt.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -91,9 +92,9 @@ (define %default-postgres-hba (plain-file "pg_hba.conf" " -local all all trust -host all all 127.0.0.1/32 trust -host all all ::1/128 trust")) +local all all peer +host all all 127.0.0.1/32 md5 +host all all ::1/128 md5")) (define %default-postgres-ident (plain-file "pg_ident.conf" |