From: | David Bear <David(dot)Bear(at)asu(dot)edu> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: hba conf ident sameuser not working |
Date: | 2006-02-16 00:36:10 |
Message-ID: | 20060216003610.GD11620@asu.edu |
Lists: | pgsql-admin |
On Wed, Feb 15, 2006 at 11:27:36AM +0100, Peter Eisentraut wrote:
> David Bear wrote:
> > now, when I connect to postgres from remote machines I ssh into
> > the pg server, but I tunnel postgres traffic. The ident sameuser
> > prevents tunneled connections from working.
>
> That is not true. Please give more detail so we can figure out what is
> really wrong.
ok. 2 machines, mine is called teancum. The server running postgresql
is called dbsrv1.
starting with:
==================
iddwb@teancum:~> ssh -L 6666:localhost:5432 iddwb@dbsrv1
Password:
Last login: Tue Feb 14 20:21:08 2006 from teancum
Have a lot of fun...
iddwb@dbsrv1:~> psql
Welcome to psql 8.0.3, the PostgreSQL interactive terminal.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit
iddwb=> \q
iddwb@dbsrv1:~> psql -U tlhowell
psql: FATAL: Ident authentication failed for user "tlhowell"
=====================
This is what I expect.
users on dbsrv1 must be who they are.
now, back on teancum that has the tunnel on port 6666, I do this:
===================
iddwb@teancum:~> psql -p 6666 -h localhost -U tlhowell
psql: FATAL: Ident authentication failed for user "tlhowell"
iddwb@teancum:~> psql -p 6666 -h localhost -U iddwb
psql: FATAL: Ident authentication failed for user "iddwb"
===================
That is with the following pg_hba.conf
==================
# TYPE  DATABASE  USER  CIDR-ADDRESS   METHOD
# "local" is for Unix domain socket connections only
local   all       all                  ident sameuser
# IPv4 local connections:
host    all       all   127.0.0.1/32   ident sameuser
# IPv6 local connections:
host    all       all   ::1/128        ident sameuser
===================
Now, if I change the connection for 'host' to use the trust method, I
can connect as any user from psql AFTER I have already authenticated
and set up the ssh tunnel.
>
> --
> Peter Eisentraut
> http://developer.postgresql.org/~petere/
--
David Bear
phone: 480-965-8257
fax: 480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
"Beware the IP portfolio, everyone will be suspect of trespassing"
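
Added example, not part of the original message: a simplified first-match evaluation of the pg_hba.conf quoted above, showing that `psql` run directly on dbsrv1 matches the `local` record, while a connection forwarded by `ssh -L 6666:localhost:5432` reaches the server as TCP from a loopback address and matches a `host` record. The function names are hypothetical, only `local`/`host` records and the `all` keyword are handled, and the tunnel endpoint resolving `localhost` to 127.0.0.1 or ::1 is an assumption.

```python
import ipaddress

# Constructed copy of the three records in the pg_hba.conf from the message.
PG_HBA = """\
local   all   all                  ident sameuser
host    all   all   127.0.0.1/32   ident sameuser
host    all   all   ::1/128        ident sameuser
"""

def parse_hba(text):
    """Parse 'local' and 'host' records; other record types are rejected."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            cidr, method = None, fields[3:]
        elif fields[0] == "host":
            cidr, method = ipaddress.ip_network(fields[3]), fields[4:]
        else:
            raise ValueError("unsupported record type: " + fields[0])
        rules.append({"type": fields[0], "db": fields[1], "user": fields[2],
                      "cidr": cidr, "method": " ".join(method)})
    return rules

def match_rule(rules, db, user, client_addr=None):
    """Return the first matching record, or None (connection rejected).
    client_addr=None stands for a Unix-domain socket connection."""
    for rule in rules:
        if rule["db"] not in ("all", db) or rule["user"] not in ("all", user):
            continue
        if client_addr is None:
            if rule["type"] == "local":
                return rule
        elif rule["type"] == "host":
            addr = ipaddress.ip_address(client_addr)
            if addr.version == rule["cidr"].version and addr in rule["cidr"]:
                return rule
    return None

if __name__ == "__main__":
    rules = parse_hba(PG_HBA)
    cases = [("psql on dbsrv1 (Unix socket)", None),
             ("psql -p 6666 through the tunnel, IPv4 loopback", "127.0.0.1"),
             ("psql -p 6666 through the tunnel, IPv6 loopback", "::1")]
    for label, addr in cases:
        rule = match_rule(rules, "iddwb", "iddwb", addr)
        print(f"{label}: {rule['type']} {rule['cidr'] or ''} -> {rule['method']}")
```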