| From: | Kenny H Klatt <kklatt(at)csd(dot)uwm(dot)edu> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Question on ident authorization |
| Date: | 2002-04-07 23:52:46 |
| Message-ID: | 20020407235246.GA23217@alpha3.csd.uwm.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello:
Not sure of where to post this, it's not a bug, more of an
application note.. Using linux and iptables as a firewall, requests for
services are redirected to the machines providing those services, including
postgress. This approach has been in place for over a year, and includes
oracle, postgress, and apache web services. It is not without its issues,
and security is greatly enhanced. On a seperate machine behind the
firewall, the postgress 7.2.1 release was installed for testing and migration.
Inital testing worked well. When it was decided to have applications
normally directed at production try the development instance, ident
authenication failed. All other tests passed, including hostssl
connections. When the firewall redirects traffic to its intended service
provider using the same port postgress is using ident works. When the
ports are not the same, ident authenication fails. User/password and hostssl
connections continue to work though.
I do not know the interchange of communication traffic when
ident authenication is used, and postgress is the only service currently
in use that provides ident authenication. Would anyone know if the ports
need to be identical for ident to function, or is it a definition of how
ident works for postgress?
Ken Klatt
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hiroshi Inoue | 2002-04-07 23:55:58 | Re: timeout implementation issues |
| Previous Message | Bruce Momjian | 2002-04-07 23:39:13 | Re: Debugging symbols by default |