From: | "Matthew Pettis" <matthew(dot)pettis(at)gmail(dot)com> |
---|---|
To: | "Adrian Klaver" <aklaver(at)comcast(dot)net> |
Cc: | "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com>, "Craig Ringer" <craig(at)postnewspapers(dot)com(dot)au>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Fwd: Restarting with pg_ctl, users, and passwords. |
Date: | 2008-08-20 21:27:35 |
Message-ID: | 82ba77b80808201427l3961c370t960a1e1539e51de8@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
So, since I run my CGI under a non-'postgres' user, is that the line
that would govern my authentication, and then fail me? Because I
thought with 'postgres' listed as the 3rd spot, this line would not
apply, and would move on to a different governing rule...
On Wed, Aug 20, 2008 at 4:21 PM, Adrian Klaver <aklaver(at)comcast(dot)net> wrote:
> -------------- Original message ----------------------
> From: "Matthew Pettis" <matthew(dot)pettis(at)gmail(dot)com>
>> would the 'ident sameuser' entry qualify as a 'some non-functional
>> authentication method'?
>
> Yes. Basically you only get one shot at each connection to satisfy the requirements of a pg_hba line. The lines are read top to bottom, so if you have restrictive line at the top that your connection cannot satisfy then you are locked out. As has been mentioned on Linux the default action is to connect via the local socket in the absence of a host name/ip in the connection string.So in your case with no host specified the connection would attempt a socket connection. The first socket line is:
> local all postgres ident sameuser
>
> so you would need to be logged in as the Linux user postgres to make the connection.
>
>>
>>
>>
>> On Wed, Aug 20, 2008 at 3:48 PM, Adrian Klaver <aklaver(at)comcast(dot)net> wrote:
>> >
>> > -------------- Original message ----------------------
>> > From: aklaver(at)comcast(dot)net (Adrian Klaver)
>> >> -------------- Original message ----------------------
>> >> From: "Matthew Pettis" <matthew(dot)pettis(at)gmail(dot)com>
>> >> > SOLVED.
>> >> >
>> >> > Yep, Restart was done.
>> >> >
>> >> > The issue turned out not to be with Postgresql config, but the app
>> >> > config. In the app, I define a connection string, which has user,
>> >> > password, and databasename. When I had this same configuration on
>> >> > WinXP, I did not need to specify a fourth parameter, the host, which
>> >> > explicitly told the app to use host=localhost. When I added the host
>> >> > param to the connection string, it all went through.
>> >> >
>> >> > On the bright side, I learned a lot about how to restart the service
>> >> > and the config files...
>> >> >
>> >> > Curious: Any ideas why I can leave the host off my connection string
>> >> > in WinXP, but not Linux? It it an idiosyncracy of my app, or of
>> >> > PostgreSQL?
>> >> >
>> >> > Thanks for all the help,
>> >> > Matt
>> >> >
>> >> Is the Linux app running on the Postgres server machine?
>> >> If so I hazard a guess that you have a line like:
>> >>
>> >> local all all trust
>> >
>> > Should have been:
>> >
>> > local all all some non-functional
>> authentication method
>> >
>> > this would cause the connection to the socket to fail assuming the
>> authentication method selected did not work.
>> >
>> >>
>> >> before your host line in pg_hba.
>> >>
>> >> The app connecting from the same machine would try the local socket (local)
>> >> before the localhost(tcp/ip), unless localhost was specified in the
>> connection
>> >> string.
>> >>
>> >>
>> >>
>> >> --
>> >> Adrian Klaver
>> >> aklaver(at)comcast(dot)net
>> >>
>> >>
>> >>
>
>
>
> --
> Adrian Klaver
> aklaver(at)comcast(dot)net
>
>
--
It is from the wellspring of our despair and the places that we are
broken that we come to repair the world.
-- Murray Waas
From | Date | Subject | |
---|---|---|---|
Next Message | Martin Gainty | 2008-08-20 21:39:23 | Re: Silent install 8.3 diiffers from 8.2 |
Previous Message | Adrian Klaver | 2008-08-20 21:21:27 | Re: Fwd: Restarting with pg_ctl, users, and passwords. |