From: | Sanjay Minni <sanjay(dot)minni(at)gmail(dot)com> |
---|---|
To: | pgsql-general(at)lists(dot)postgresql(dot)org |
Cc: | daniel(at)yesql(dot)se |
Subject: | Re: Multiple connections over VPN password fail error |
Date: | 2024-02-09 09:14:17 |
Message-ID: | CAMpxBonZJ_a6YyAEwXXrULOwYwp7DSko3+K1KWb=80b4jQrNDw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
so why do I get a password error when i try to connect 2 users over VPN
from the same machine to the same host with the following settings in
pg_dba.conf - how to find the issue
( user1:user1pwd@<vpnip/database> & user2:user2pwd@<vpnip/database> )
# IPv4 external connections thru VPN
#TYPE DATABASE USER ADDRESS METHOD
host all all <ip> scram-sha-256
and whats the best option keeping security in mind
regards
Sanjay
On Fri, Feb 9, 2024 at 1:26 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> > On 9 Feb 2024, at 08:41, Sanjay Minni <sanjay(dot)minni(at)gmail(dot)com> wrote:
>
> > while trying to make multiple connects with different role names to a
> single database over VPN i faced a password error issue when trying to
> connect a send user
> > It seems I had to change this line in pg_hba.conf and it worked:
> >
> > `# IPv4 external connections thru VPN
> > #TYPE DATABASE USER ADDRESS METHOD
> > host all all <ip> trust ` <=(from the earlier
> scram-sha-256)
> >
> > is this the way and is this correct from a security point of view ?
>
> While correctness and security always needs to be evaluated from the
> specific
> needs of an installation, the odds are pretty good that "No" is the correct
> answer here. To quote the documentation on the "trust" setting:
>
> "Allow the connection unconditionally. This method allows anyone
> that
> can connect to the PostgreSQL database server to login as any
> PostgreSQL user they wish, without the need for a password or any
> other
> authentication."
>
> I would recommend immediately reverting back to the scram-sha-256 setting
> and
> figuring out why you were unable to login.
>
> --
> Daniel Gustafsson
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Sanjay Minni | 2024-02-09 09:34:36 | Re: Multiple connections over VPN password fail error |
Previous Message | Daniel Gustafsson | 2024-02-09 07:56:54 | Re: Multiple connections over VPN password fail error |