Postgres and ident used for authentication

While it's been discussed elsewhere*, I just tripped over a decidedly odd default in postgresql: it tries to use ident to verify that the role I'm logging in to has the same name as my unix user account, simulating the "peer" authentication available for unix domain sockets.

I don't see any history for this, but it makes me suspicious, just as it would if I found someone was using rsh and a .rhosts file in a world where we have ssh with keys.

The common recommendation is to use "trust", which is even worse than ident. At least ident comes with a conspicuous warning that "The Identification Protocol is not intended as an authorization or access control protocol."

Anyone know the back story? The FAQ is unhelpful, the bugs list seems private, and Google finds lots of bad advice (;-))

--dave

[* http://www.upfrontsystems.co.za/Members/izak/sysadman/postgresqls-confusing-...
http://www.depesz.com/2007/08/18/securing-your-postgresql-database/ ]

--
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb@spamcop.net           | -- Mark Twain
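One way to check a pg_hba.conf for the two methods discussed in the message above, as an added example that is not part of the original post or of PostgreSQL itself. The function names and the sample rules are constructed for illustration, and the parser assumes unquoted fields.

```python
# Added example: flag "ident" on TCP rules and "trust" on any rule in pg_hba.conf text.
# Assumption: fields are unquoted (no spaces or '#' inside database/user names).

def parse_hba_line(line):
    """Return (conn_type, method) for a rule line, or None for anything else."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    conn_type = fields[0]
    if conn_type == "local":
        idx = 3                      # local DATABASE USER METHOD
    elif conn_type.startswith("host"):
        idx = 4                      # host DATABASE USER ADDRESS METHOD
        # Older form: host DATABASE USER IP-ADDRESS IP-MASK METHOD.
        # A method name never contains '.' or ':', a netmask always does.
        if len(fields) > 5 and "/" not in fields[3] and \
                ("." in fields[4] or ":" in fields[4]):
            idx = 5
    else:
        return None                  # include directives and the like
    if len(fields) <= idx:
        return None
    return conn_type, fields[idx]

def audit(text):
    """Return [(line_number, method, reason)] for rules worth reviewing."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_hba_line(line)
        if parsed is None:
            continue
        conn_type, method = parsed
        if method == "trust":
            findings.append((lineno, method, "no authentication at all"))
        elif method == "ident" and conn_type != "local":
            # On a "local" line PostgreSQL uses peer authentication instead.
            findings.append((lineno, method, "trusts the client host's ident reply"))
    return findings

# Constructed sample rules, not taken from any real server.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   ident
host    all       all   10.0.0.0  255.0.0.0  trust
host    all       all   ::1/128        scram-sha-256   # ident only in a comment
"""

if __name__ == "__main__":
    for lineno, method, reason in audit(SAMPLE):
        print(f"line {lineno}: {method}: {reason}")
```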