From: | Oliver Elphick <olly(at)lfix(dot)co(dot)uk> |
---|---|
To: | ron(dot)peterson(at)yellowbank(dot)com |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: ident inconsistency |
Date: | 2003-01-03 12:27:46 |
Message-ID: | 1041596865.19602.251.camel@linda.lfix.co.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Thu, 2003-01-02 at 18:28, ron(dot)peterson(at)yellowbank(dot)com wrote:
> ident authentication appears to work inconsistently between debian
> stable (7.2.1) and the 7.2.3 postgresql I installed from source on a Red
> Hat 7.3 machine.
>
> Debian doesn't require I run an ident server. My pg_hba.conf contains:
>
> local all ident sameuser
>
> On the installation I compiled myself, that doesn't work. Instead I
> must run an ident server, and do:
>
> host all 127.0.0.1 0.0.0.0 ident sameuser
I suspect the difference arises in the way you are connecting.
Ident authentication for local connections is not the same as ident
authentication for a TCP/IP connection. They do the same jobs but in
different was (which is why I called local authentication 'peer' when I
first wrote it for Debian.)
local authentication does not use an ident server at all. It gets its
information from the Unix socket; so you are actually talking about two
completely different things. If you need a host line to connect, you
must be doing a TCP/IP connection to localhost. If the connection is
attempted with no host at all, it should use a local Unix socket
connection, and then `local all ident sameuser' should work.
If you are trying a local connection with ident sameuser on your
locally-compiled version and that does not work, the likely cause is
that at build time the system thought that Unix sockets could not
support the passing of credentials. The relevant macro is SO_PEERCRED,
which in my (Debian) system is defined in /usr/include/asm/socket.h
But it doesn't seem very likely that this should be wrong.
--
Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
Isle of Wight, UK http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"I love them that love me; and those that seek me early
shall find me." Proverbs 8:17
From | Date | Subject | |
---|---|---|---|
Next Message | Oliver Elphick | 2003-01-03 12:31:32 | Re: psql:relocation error:psql:unfefined symbol: PQgetssl |
Previous Message | am | 2003-01-03 11:54:44 | postmaster.pid |