From: | Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com> |
---|---|
To: | PostgreSQL Bugs List <pgsql-bugs(at)postgresql(dot)org> |
Cc: | irwin(at)beluga(dot)phys(dot)uvic(dot)ca |
Subject: | Re: BUG #1001: Inconsistent authentication between psql and |
Date: | 2003-12-05 17:29:11 |
Message-ID: | 20031205092430.M8557@megazone.bigpanda.com |
Lists: | pgsql-bugs |
On Fri, 5 Dec 2003, PostgreSQL Bugs List wrote:
> I use "ident sameuser" authentication. Here are the relevant details from pg_hba.conf.
>
> local all all ident sameuser
> host all all 127.0.0.1 255.255.255.255 ident sameuser
> host all all 0.0.0.0 0.0.0.0 reject
>
> All is well with psql authentication. However, when I tried to
> use knoda/hk_classes to access the database, I could not get
> authenticated. A typical error message was IDENT authentication failed
> for user "irwin". When I traced this down through the hk_classes code
> it was using PQconnectdb to connect to the database, and there were
> complaints in the postgresql log that the identd server was not
> available. All knoda/hk_classes/PQconnectdb problems disappeared when I
> installed identd (apt-get install pidentd) on my Debian stable system.
> So all seems well when identd is installed, but there may be a security
> concern with psql when it is not. On the other hand, if psql is
> actually secure when identd is not running, then why isn't PQconnectdb
> using the exact same (secure) method of authentication for this case?
My first guess is that knoda/hk_classes was going to 127.0.0.1 and psql
was going through the local socket. local/ident is different from
host/ident (see the section on ident authentication): the latter requires
an ident server, the former does not.
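
Added example, not part of the original message or of PostgreSQL: a small first-match evaluator over the three `pg_hba.conf` lines quoted above, showing which record a Unix-socket connection and a TCP connection to 127.0.0.1 each select, and which of them depends on an ident server. The function names are hypothetical, and database/user matching is simplified to `all` or literal names.

```python
import ipaddress

# The three pg_hba.conf lines quoted in the report above.
PG_HBA = """\
local all all ident sameuser
host all all 127.0.0.1 255.255.255.255 ident sameuser
host all all 0.0.0.0 0.0.0.0 reject
"""

def parse_hba(text):
    """Parse 'local db user method [opt]' and 'host db user addr mask method [opt]'."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            db, user, net, rest = fields[1], fields[2], None, fields[3:]
        elif fields[0] == "host":
            db, user = fields[1], fields[2]
            net = ipaddress.ip_network(f"{fields[3]}/{fields[4]}", strict=False)
            rest = fields[5:]
        else:
            raise ValueError(f"unsupported record type: {fields[0]}")
        rules.append({"type": fields[0], "db": db, "user": user, "net": net,
                      "method": rest[0], "option": rest[1] if len(rest) > 1 else None})
    return rules

def _name_ok(pattern, name):
    # Simplification (assumption): only 'all' and comma-separated literal names.
    return pattern == "all" or name in pattern.split(",")

def first_match(rules, db, user, client_addr=None):
    """client_addr=None models a Unix-domain socket; otherwise a TCP client IP."""
    for r in rules:
        if not (_name_ok(r["db"], db) and _name_ok(r["user"], user)):
            continue
        if client_addr is None and r["type"] == "local":
            return r
        if client_addr is not None and r["type"] == "host" \
                and ipaddress.ip_address(client_addr) in r["net"]:
            return r
    return None  # no matching record: the server rejects the connection

def needs_ident_server(rule):
    # Per the reply above: host/ident requires an ident server, local/ident does not.
    return rule is not None and rule["method"] == "ident" and rule["type"] == "host"
```

Calling `first_match(parse_hba(PG_HBA), db, user)` with no address models the socket case; passing `"127.0.0.1"` models a client that connects over TCP loopback.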