| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | John Scalia <jayknowsunix(at)gmail(dot)com> |
| Cc: | Venkata B Nagothi <nag1010(at)gmail(dot)com>, pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: hostnossl in pg_hba.conf demands a password |
| Date: | 2016-11-14 21:52:55 |
| Message-ID: | 13378.1479160375@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
John Scalia <jayknowsunix(at)gmail(dot)com> writes:
> The only entries are a local connection line with md5 authentication specified and a line for local replication with a trust authentication. Both of these entries do seem to be working properly.
So the client is trying an SSL connection first (which would be the
default behavior for libpq at least), and that falls through the
hostnossl line and is captured by the md5 line. Hence you get a
password prompt. The client has no way to know that a non-SSL
connection would have gotten a different response.
You could change the md5 line to hostssl, perhaps. Or configure
the client to try non-SSL first (see sslprefer).
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John Scalia | 2016-11-14 22:37:07 | Re: hostnossl in pg_hba.conf demands a password |
| Previous Message | John Scalia | 2016-11-14 21:23:05 | Re: hostnossl in pg_hba.conf demands a password |