From: | Sanjay Minni <sanjay(dot)minni(at)gmail(dot)com> |
---|---|
To: | pgsql-general(at)lists(dot)postgresql(dot)org |
Cc: | daniel(at)yesql(dot)se |
Subject: | Re: Multiple connections over VPN password fail error |
Date: | 2024-02-09 09:34:36 |
Message-ID: | CAMpxBo=5gM5RQtD4bQx1tpiQq0kpiwe4WUj1nqw4RzZJdxuBug@mail.gmail.com |
Lists: | pgsql-general |
Hi,
For the second user/role over VPN,
even with md5 I get the error:
P3Error PostgreSQL password authentication failed for user "<seconduser>"
I am only able to connect if the method is "trust". Why is this so?
# IPv4 external connections thru VPN
#TYPE DATABASE USER ADDRESS METHOD
host all all <ip> scram-sha-256 (or "md5" - second user is only able to connect if this is "trust")
regards
Sanjay
On Fri, Feb 9, 2024 at 2:44 PM Sanjay Minni <sanjay(dot)minni(at)gmail(dot)com> wrote:
> so why do I get a password error when I try to connect 2 users over VPN
> from the same machine to the same host with the following settings in
> pg_hba.conf - how to find the issue
> ( user1:user1pwd@<vpnip/database> & user2:user2pwd@<vpnip/database> )
>
> # IPv4 external connections thru VPN
> #TYPE DATABASE USER ADDRESS METHOD
> host all all <ip> scram-sha-256
> and what's the best option keeping security in mind
>
> regards
> Sanjay
>
>
> On Fri, Feb 9, 2024 at 1:26 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>
>> > On 9 Feb 2024, at 08:41, Sanjay Minni <sanjay(dot)minni(at)gmail(dot)com> wrote:
>>
>> > while trying to make multiple connects with different role names to a
>> > single database over VPN I faced a password error issue when trying to
>> > connect a second user
>> > It seems I had to change this line in pg_hba.conf and it worked:
>> >
>> > `# IPv4 external connections thru VPN
>> > #TYPE DATABASE USER ADDRESS METHOD
>> > host all all <ip> trust ` <=(from the earlier scram-sha-256)
>> >
>> > is this the way and is this correct from a security point of view ?
>>
>> While correctness and security always needs to be evaluated from the specific
>> needs of an installation, the odds are pretty good that "No" is the correct
>> answer here. To quote the documentation on the "trust" setting:
>>
>> "Allow the connection unconditionally. This method allows anyone that
>> can connect to the PostgreSQL database server to login as any
>> PostgreSQL user they wish, without the need for a password or any other
>> authentication."
>>
>> I would recommend immediately reverting back to the scram-sha-256 setting and
>> figuring out why you were unable to login.
>>
>> --
>> Daniel Gustafsson
>>
>>
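
Added example, not part of the thread: server-side checks, run in psql as a superuser, for the usual reasons one role fails password authentication while another succeeds under the same pg_hba.conf line. The role name `seconduser` is a placeholder assumed for illustration.

```sql
-- Run in psql as a superuser (pg_authid is readable by superusers only).
-- "seconduser" below is a placeholder for the role that fails to log in.

-- 1. How is each login role's password stored?
--    'no password set'  -> md5 and scram-sha-256 both fail for that role
--    'md5'              -> fails when the matching hba line says scram-sha-256
--    'scram-sha-256'    -> works with hba method scram-sha-256 or md5
--    rolvaliduntil in the past also makes password authentication fail.
SELECT rolname,
       CASE
         WHEN rolpassword IS NULL                THEN 'no password set'
         WHEN rolpassword LIKE 'SCRAM-SHA-256$%' THEN 'scram-sha-256'
         WHEN rolpassword LIKE 'md5%'            THEN 'md5'
         ELSE 'unknown format'
       END AS stored_as,
       rolvaliduntil
FROM pg_authid
WHERE rolcanlogin
ORDER BY rolname;

-- 2. Which hash is used when a password is set from now on?
SHOW password_encryption;

-- 3. pg_hba.conf as the server parses it, in match order.
--    The first line matching connection type, database, user and client
--    address decides the method; later lines are never consulted.
--    A non-null "error" column means the line was rejected at parse time.
SELECT line_number, type, database, user_name, address, netmask,
       auth_method, error
FROM pg_hba_file_rules
ORDER BY line_number;

-- 4. After putting the VPN line back to scram-sha-256, reload the config.
SELECT pg_reload_conf();

-- 5. If step 1 showed no password or an md5 hash for the failing role,
--    set the password again so it is stored per password_encryption.
--    In psql, \password prompts for it and sends only the hash:
--    \password seconduser
```

The server log, not the client, records the detailed reason for a failed login and which pg_hba.conf line the connection matched.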