Re: hba conf ident sameuser not working

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: David(dot)Bear(at)asu(dot)edu
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-admin(at)postgresql(dot)org
Subject: Re: hba conf ident sameuser not working
Date: 2006-02-16 02:00:41
Message-ID: 21927.1140055241@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

David Bear <David(dot)Bear(at)asu(dot)edu> writes:
> now, back on teancum that has the tunnel on port 6666, I do this:

> iddwb(at)teancum:~> psql -p 6666 -h localhost -U tlhowell
> psql: FATAL: Ident authentication failed for user "tlhowell"
> iddwb(at)teancum:~> psql -p 6666 -h localhost -U iddwb
> psql: FATAL: Ident authentication failed for user "iddwb"

I'm afraid you're kind of stuck on getting that to work. In the cases
that work, psql is executing on the server side of the ssh connection.
Here, you want it to work on the client side. The problem is that the
Postgres server is going to see that TCP connection as originating from
a server-side sshd daemon process, and so ident is quite properly going
to fail unless the requested database username matches whatever sshd is
running as.

You could possibly get it to work if you could get sshd to run the
daemon subprocess as yourself instead of root ... dunno enough about
ssh to know if that's possible.

regards, tom lane

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Jerry Sievers 2006-02-16 15:36:01 Dropping of indexes with cached PL query plans
Previous Message David Bear 2006-02-16 00:36:10 Re: hba conf ident sameuser not working