Re: Connection fails on one system in a address range allowed to connect

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
Cc: "Johnson, Bruce E - (bjohnson)" <Johnson(at)pharmacy(dot)arizona(dot)edu>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Connection fails on one system in a address range allowed to connect
Date: 2023-11-22 14:40:40
Message-ID: 1671956.1700664040@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> On Tue, 2023-11-21 at 23:27 +0000, Johnson, Bruce E - (bjohnson) wrote:
>> DBI connect('dbname=webdata;host=dhbpostgres.pharmacy.arizona.edu;port=5432','trav',...) failed: FATAL: password authentication failed for user "trav"
>> FATAL: no pg_hba.conf entry for host "150.135.124.50", user "trav", database "webdata", no encryption at ./pg_test.pl line 8.
>>
>> The pg_hba.conf on the server includes this which should encompass all systems in this VLAN
>> # external 'OldMTM' site range
>> hostssl all all 150.135.124.0/25 password

> "no encryption" does not match a "hostssl" entry.

Yeah. What is probably happening here is that (with the default sslmode)
libpq is trying an SSL connection, that's failing for some reason, and
then it tries a non-SSL connection which definitely fails for lack of
a matching pg_hba.conf entry; and then for some other reason you are
only shown the message concerning the last attempt.

Theory B is that your libpq wasn't compiled with SSL support so it
skips right to the non-SSL attempt.

Laurenz's suggestion of adding sslmode=require is a good debugging
step either way, since it will either tell you for sure that you
are missing SSL support or show you the failure from the single
SSL-enabled attempt. Alternatively, turn on log_connections and
see what the server log captures. (You might need to do that
anyway if the client-side message isn't sufficiently informative.)

regards, tom lane

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Ron Johnson 2023-11-22 14:53:52 Re: Removing oids with pg_repack
Previous Message Efrain J. Berdecia 2023-11-22 13:33:11 Re: pg_restore enhancements