| From: | Maz Mohammadi <mmohammadi(at)pentaho(dot)com> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: confirming security. |
| Date: | 2013-02-22 16:13:54 |
| Message-ID: | 9F992F0A0D9BA04F914597F75435942D09576C4DF5@MBX36.exg5.exghost.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-jdbc |
Ahhh yes....it is now...
===========
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
#local all all trust
# IPv4 local connections:
#host all all 127.0.0.1/32 trust
# IPv6 local connections:
#host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres-xc trust
#host replication postgres-xc 127.0.0.1/32 trust
#host replication postgres-xc ::1/128 trust
hostssl all all 127.0.0.1/32 cert
===========
And the result...
postgres-xc(at)adminuser-VirtualBox:~/coord$ psql -h localhost testdb
psql: FATAL: connection requires a valid client certificate
FATAL: no pg_hba.conf entry for host "127.0.0.1", user "postgres-xc", database "testdb", SSL off
Thank you so much!
-----Original Message-----
From: Adrian Klaver [mailto:adrian(dot)klaver(at)gmail(dot)com]
Sent: Friday, February 22, 2013 10:58 AM
To: Maz Mohammadi
Cc: John R Pierce; pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] confirming security.
On 02/22/2013 07:50 AM, Maz Mohammadi wrote:
> Thx John,
>
> It got me a long way. I actually have a more complex installation (I
> think) that I originally thought on my test linux box. Looks like all
> the files that I modify are under /var/lib/post../coord.
>
> I added the line.. to pg_hba.conf
>
> hostssl all all 127.0.0.1/32 cert
>
> and after restarting the coordinator node, it errored because I had to
> modify postgresql.conf (ssl=off) . So I feel that the server is now
> running in SSL mode.
>
> But when I used psql...I'm getting this....
>
> ==============
>
> postgres-xc(at)adminuser-VirtualBox:~/coord$ psql -h localhost testdb
>
> psql (PGXC 1.0.0, based on PG 9.1.4)
>
> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
>
> Type "help" for help.
>
> testdb=# select 2+2;
>
> ?column?
>
> ----------
>
> 4
>
> (1 row)
>
> testdb=# \q
>
> ==============
>
> It's telling me it's through an SSL connection, but I didn't specify
> any keystore on my side for psql? Does it pick it up from somewhere?
>
> Any help is greatly appreciated J
>
> Postgresql isn't half bad ;)
>
Is the above line from pg_hba.conf the only one in the file?
If not could you post the entire file contents?
Remember in pg_hba.conf first match wins.
--
Adrian Klaver
adrian(dot)klaver(at)gmail(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2013-02-22 16:14:06 | Re: Need help extripating plpgsql |
| Previous Message | Russell Keane | 2013-02-22 16:08:52 | Re: limit based on count(*) |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Maz Mohammadi | 2013-02-22 17:43:13 | can't access through SSL |
| Previous Message | Adrian Klaver | 2013-02-22 15:57:42 | Re: confirming security. |