Re: Pet Peeves?

On Thursday 29 January 2009 9:19:15 am rhubbell wrote:
> I'm a new user to PostgreSQL so mine's fresh from doing an install
> recently.
>
>
> In /etc/postgresql/8.3/main/pg_hba.conf
>
> # METHOD can be "trust", "reject", "md5", "crypt", "password", "gss",
> "sspi", # "krb5", "ident", "pam" or "ldap". Note that "password" sends
> passwords # in clear text; "md5" is preferred since it sends encrypted
> passwords.
>
>
> So I chose md5 but it will not work, seems like a basic thing. So I am
> forced to use "trust". These are the kinds of things that wear down
> busy people trying use the software. Maybe this is a documentation
> enhancement or bug.
>

You realize the authentication is done top to bottom? The first line that
matches wins :) So if you have a matching "trust" line before your "md5" line
then it will not use md5.

For a better explanation:

http://www.postgresql.org/docs/8.2/interactive/auth-pg-hba-conf.html

"Each record specifies a connection type, a client IP address range (if relevant
for the connection type), a database name, a user name, and the authentication
method to be used for connections matching these parameters. The first record
with a matching connection type, client address, requested database, and user
name is used to perform authentication. There is no "fall-through" or "backup":
if one record is chosen and the authentication fails, subsequent records are
not considered. If no record matches, access is denied."

--
Adrian Klaver
aklaver(at)comcast(dot)net