Re: confirming security.

Thx John,

It got me a long way. I actually have a more complex installation (I think) that I originally thought on my test linux box. Looks like all the files that I modify are under /var/lib/post../coord.

I added the line.. to pg_hba.conf

hostssl all all 127.0.0.1/32 cert

and after restarting the coordinator node, it errored because I had to modify postgresql.conf (ssl=off) . So I feel that the server is now running in SSL mode.

But when I used psql...I'm getting this....

==============
postgres-xc(at)adminuser-VirtualBox:~/coord$ psql -h localhost testdb
psql (PGXC 1.0.0, based on PG 9.1.4)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

testdb=# select 2+2;
?column?
----------
4
(1 row)

testdb=# \q
==============

It's telling me it's through an SSL connection, but I didn't specify any keystore on my side for psql? Does it pick it up from somewhere?
Any help is greatly appreciated :)

Postgresql isn't half bad ;)

From: pgsql-general-owner(at)postgresql(dot)org [mailto:pgsql-general-owner(at)postgresql(dot)org] On Behalf Of John R Pierce
Sent: Thursday, February 21, 2013 11:04 PM
To: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] confirming security.

On 2/21/2013 7:55 PM, Maz Mohammadi wrote:

When I start the server, there is no change in the authentication. I can still login using psql for the same person.

did you disable other authentication methods in pg_hba.conf ? I would leave the LOCAL line as peer, and use ssl for HOST lines, then to test, use psql -h localhost .....

--

john r pierce 37N 122W

somewhere on the middle of the left coast