System test with Postgres using the ident authentication method
I added some unit and system tests to check if Stork supports the main Postgres authentication methods.
I've written unit tests for trust
, peer
, ident
, md5
, and scram-sha-256
.
I tried to write system tests for the above method, and I did it except for ident
.
I failed to configure the ident service. Ident service is a service running on the 113 port that implements RFC 1413.
We use Debian 10.13-slim in our system tests, and no ident service is built-in.
In the apt
repository are available three ident packages:
ident2
oidentd
nullidentd
I checked all, and none of them is helpful in our case.
ident2
runs properly, but it doesn't support IPv6, but the Postgres container tries to connect over this protocol. Due to Postgres running in a Docker container, the configuration capabilities are limited. I couldn't force it to use IPv4 without strongly reconfiguring our system tests' networks.
oidentd
supports IPv6 well, but it didn't run due to failure during dropping root privileges. The problem occurs even if I run the service with a non-root user. I suppose it is a bug that is solved in the newer versions. Unfortunately, the author provides the binary packages on their own webpage. I think it isn't a good practice to link to non-trusted webpages from the system tests' environment, so I abandoned using them. I couldn't build the application from sources because some packages are missing in our current setup, and I didn't want to extend it.
nullidentd
is a fake ident server intended to use with inetd
. It increases the complexity of the solution, so I didn't spend time on it.
I think the best solution is to upgrade the system tests' operating system and use oidentd
.
An alternative is implementing a fake ident service on our own, as the RFC 1413 is a very simple protocol.