Re: BUG #6251: cannot create roles that can actually login

From: Craig Ringer <ringerc(at)ringerc(dot)id(dot)au>
To: nirodha <erikwinnmail(at)yahoo(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #6251: cannot create roles that can actually login
Date: 2011-10-12 02:45:46
Message-ID: 4E94FF5A.3080102@ringerc.id.au
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

On 10/11/2011 04:01 PM, nirodha wrote:
>
> The following bug has been logged online:
>
> Bug reference: 6251
> Logged by: nirodha
> Email address: erikwinnmail(at)yahoo(dot)com
> PostgreSQL version: 8.4
> Operating system: ubuntu
> Description: cannot create roles that can actually login
> Details:
>
> I literally cut and paste the commands from the manual to create a role
> after about two hours of repetition and reading .. yes, "with login" "with
> login password 'foo'", whatever. Tried createuser - I have to be honest; 3
> hours later and I am ready to go back to MySQL. Documentation is sparse

If there are specific holes in the documentation it'd be *extremely*
useful to hear about them, as it's not easy for people who already know
Pg well to spot areas that need better documentation to help people new
to Pg. Please be specific if you can.

The documentation at
http://www.postgresql.org/docs/9.1/interactive/index.html has been in
my experience pretty complete and I've been very happy with it, so I'm a
bit surprised to hear your comment. I'd love to know more about areas
you found lacking.

> there is no forum on the site

There's a strong preference for mailing lists in most of the community,
but I think eventually a forum will be necessary because many people are
stopping using email and mailing lists.

There's a lot of activity on Stack Overflow, and on the EnterpriseDB web
forums, so there's more than just the mailing list to play with. That
said, I think most of the experts hang out here.

Personally I loathe forums, and am strongly disinclined to use them
unless they're gatewayed to a mailing list. With a forum, I have to go
to it and check it periodically. With a mailing list, it comes to me and
I can manage it in the same UI as all sorts of other things.

> I am a bit disappointed after all the hype
> about how great postgres is .. 3 hours later and I cant even create a user
> that can login!

I'm surprised by that one.

Is your pg_hba.conf set to the defaults? If so, I think on Ubuntu you'll
be using `ident' authentication by default, so the PostgreSQL username
would need to be the same as the system username. If that's not what you
want, change to using `md5' authentication to force the use of a password.

For what it's worth, I found the default ident auth a bit confusing when
I first started using PostgreSQL. I wish there was a way to do fallback
from ident to md5, so that if ident auth fails the client can auth using
md5 password exchange. As it is, the behavior or rejecting auth when an
apparently valid password is provided - because it's never actually used
- is not very user friendly.

Being able to support something like "md5,ident" as an auth type in
pg_hba.conf would be great. Unfortunately, it's not currently supported.

By the way, it's generally preferable to email the
pgsql-general(at)postgresql(dot)org mailing list; this is a bug report form.

--
Craig Ringer

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message STIEG Heimo 2011-10-12 06:40:43 Re: BUG #6247: Freeswitch will crash after 2-3 days within odbc connection
Previous Message Craig Ringer 2011-10-12 02:16:52 Re: BUG #6246: character encoding for 64 bit