Re: Fwd: Restarting with pg_ctl, users, and passwords.

-------------- Original message ----------------------
From: "Matthew Pettis" <matthew(dot)pettis(at)gmail(dot)com>
> So, since I run my CGI under a non-'postgres' user, is that the line
> that would govern my authentication, and then fail me? Because I
> thought with 'postgres' listed as the 3rd spot, this line would not
> apply, and would move on to a different governing rule...

Sorry I was being thick. I failed to see the second local line. Yes it should pick either the next local line if no host is specified or the next host line if one is specified.

>
> On Wed, Aug 20, 2008 at 4:21 PM, Adrian Klaver <aklaver(at)comcast(dot)net> wrote:
> > -------------- Original message ----------------------
> > From: "Matthew Pettis" <matthew(dot)pettis(at)gmail(dot)com>
> >> would the 'ident sameuser' entry qualify as a 'some non-functional
> >> authentication method'?
> >
> > Yes. Basically you only get one shot at each connection to satisfy the
> requirements of a pg_hba line. The lines are read top to bottom, so if you have
> restrictive line at the top that your connection cannot satisfy then you are
> locked out. As has been mentioned on Linux the default action is to connect via
> the local socket in the absence of a host name/ip in the connection string.So in
> your case with no host specified the connection would attempt a socket
> connection. The first socket line is:
> > local all postgres ident sameuser
> >
> > so you would need to be logged in as the Linux user postgres to make the
> connection.
> >
> >>
> >>
> >>
> >> On Wed, Aug 20, 2008 at 3:48 PM, Adrian Klaver <aklaver(at)comcast(dot)net> wrote:
> >> >
> >> > -------------- Original message ----------------------
> >> > From: aklaver(at)comcast(dot)net (Adrian Klaver)
> >> >> -------------- Original message ----------------------
> >> >> From: "Matthew Pettis" <matthew(dot)pettis(at)gmail(dot)com>
> >> >> > SOLVED.
> >> >> >
> >> >> > Yep, Restart was done.
> >> >> >
> >> >> > The issue turned out not to be with Postgresql config, but the app
> >> >> > config. In the app, I define a connection string, which has user,
> >> >> > password, and databasename. When I had this same configuration on
> >> >> > WinXP, I did not need to specify a fourth parameter, the host, which
> >> >> > explicitly told the app to use host=localhost. When I added the host
> >> >> > param to the connection string, it all went through.
> >> >> >
> >> >> > On the bright side, I learned a lot about how to restart the service
> >> >> > and the config files...
> >> >> >
> >> >> > Curious: Any ideas why I can leave the host off my connection string
> >> >> > in WinXP, but not Linux? It it an idiosyncracy of my app, or of
> >> >> > PostgreSQL?
> >> >> >
> >> >> > Thanks for all the help,
> >> >> > Matt
> >> >> >
> >> >> Is the Linux app running on the Postgres server machine?
> >> >> If so I hazard a guess that you have a line like:
> >> >>
> >> >> local all all trust
> >> >
> >> > Should have been:
> >> >
> >> > local all all some non-functional
> >> authentication method
> >> >
> >> > this would cause the connection to the socket to fail assuming the
> >> authentication method selected did not work.
> >> >
> >> >>
> >> >> before your host line in pg_hba.
> >> >>
> >> >> The app connecting from the same machine would try the local socket
> (local)
> >> >> before the localhost(tcp/ip), unless localhost was specified in the
> >> connection
> >> >> string.
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Adrian Klaver
> >> >> aklaver(at)comcast(dot)net
> >> >>
> >> >>
> >> >>
> >
> >
> >
> > --
> > Adrian Klaver
> > aklaver(at)comcast(dot)net
> >
> >

--
Adrian Klaver
aklaver(at)comcast(dot)net