Re: 8.4 vs. 9.x: 127.0.0.0/8

I think there might be some misunderstanding here:

El 11/08/15 a las 17:19, Felipe Gasper escribió:
> Hello all,
>
> We are noticing what appears to be a significant difference between
> PostgreSQL 9.x and 8.4. Not having found documentation that would point
> us in the direction of a good solution, I thought I’d post our issue here.
>
> On CentOS 6 we have postgresql 8.4.20 and the following pg_hba.conf:
>
> local samerole all md5
> host samerole all 127.0.0.200 255.255.255.255 pam
> pamservice=postgresql_cpses
> host samerole all 127.0.0.1 255.255.255.255 md5
> local all postgres md5
> host all postgres 127.0.0.1 255.255.255.255 md5
>
> So connections to 127.0.0.200 are handled by pam, connections to
> 127.0.0.1 are handled by md5.

No! This means that connections that come from 127.0.0.200 are handled
by pam, not connection *to*. Same for 127.0.0.1 (which in this case
means nothing).

> If I run:
> root(at)jason:/$ psql -h 127.0.0.200 -U pguser
> Password for user pguser:
> psql: FATAL: PAM authentication failed for user "pguser"

Which is the source IP where this command is executed.

> You can see it tried to authenticate using PAM authentication.
>
> On CentOS 7 we have postgresql 9.2.13 and the following pg_hba.conf:
>
> local samerole all md5
> host samerole all 127.0.0.200 255.255.255.255 pam
> pamservice=postgresql_cpses
> host samerole all 127.0.0.1 255.255.255.255 md5
> local all postgres md5
> host all postgres 127.0.0.1 255.255.255.255 md5
>
> But, running the command above yields a different result:
> root(at)i-0000764a [/usr/local/cpanel]# psql -h 127.0.0.200 -U pguser
> Password for user pguser:
> psql: FATAL: password authentication failed for user "pguser"

Well, which is the IP from where you are running this command?

I guess the answer is in some place around that.

Regards,

--
Martín Marqués http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services