Re: 8.4 vs. 9.x: 127.0.0.0/8

From: Felipe Gasper <felipe(at)felipegasper(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: 8.4 vs. 9.x: 127.0.0.0/8
Date: 2015-08-13 05:43:22
Message-ID: 55CC2E7A.7040504@felipegasper.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Dear Martín,

Thank you for leading us to the right solution!

(We’re also suspecting some change in the networking stack from CentOS
6 to 7 may be playing a part here, too, FYI.)

-FG

On 11 Aug 2015 6:30 PM, Martín Marqués wrote:
> I think there might be some misunderstanding here:
>
> El 11/08/15 a las 17:19, Felipe Gasper escribió:
>> Hello all,
>>
>> We are noticing what appears to be a significant difference between
>> PostgreSQL 9.x and 8.4. Not having found documentation that would point
>> us in the direction of a good solution, I thought I’d post our issue here.
>>
>> On CentOS 6 we have postgresql 8.4.20 and the following pg_hba.conf:
>>
>> local samerole all md5
>> host samerole all 127.0.0.200 255.255.255.255 pam
>> pamservice=postgresql_cpses
>> host samerole all 127.0.0.1 255.255.255.255 md5
>> local all postgres md5
>> host all postgres 127.0.0.1 255.255.255.255 md5
>>
>> So connections to 127.0.0.200 are handled by pam, connections to
>> 127.0.0.1 are handled by md5.
>
> No! This means that connections that come from 127.0.0.200 are handled
> by pam, not connection *to*. Same for 127.0.0.1 (which in this case
> means nothing).
>
>> If I run:
>> root(at)jason:/$ psql -h 127.0.0.200 -U pguser
>> Password for user pguser:
>> psql: FATAL: PAM authentication failed for user "pguser"
>
> Which is the source IP where this command is executed.
>
>> You can see it tried to authenticate using PAM authentication.
>>
>> On CentOS 7 we have postgresql 9.2.13 and the following pg_hba.conf:
>>
>> local samerole all md5
>> host samerole all 127.0.0.200 255.255.255.255 pam
>> pamservice=postgresql_cpses
>> host samerole all 127.0.0.1 255.255.255.255 md5
>> local all postgres md5
>> host all postgres 127.0.0.1 255.255.255.255 md5
>>
>> But, running the command above yields a different result:
>> root(at)i-0000764a [/usr/local/cpanel]# psql -h 127.0.0.200 -U pguser
>> Password for user pguser:
>> psql: FATAL: password authentication failed for user "pguser"
>
> Well, which is the IP from where you are running this command?
>
> I guess the answer is in some place around that.
>
> Regards,
>

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Aviel Buskila 2015-08-13 10:29:45 repmgr won't update witness after failover
Previous Message Joshua D. Drake 2015-08-13 03:40:46 Re: Sync replication + high latency server