| From: | John Scalia <jayknowsunix(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Venkata B Nagothi <nag1010(at)gmail(dot)com>, pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: hostnossl in pg_hba.conf demands a password |
| Date: | 2016-11-14 22:37:07 |
| Message-ID: | FADA7A56-4601-4513-8321-551A148EA717@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Thanks, Tom,
I'll check to see if it's trying an SSL comnection, but being that I logged into this server, and I know that I don't have an .ssh subdirectory in my home dir, I didn't think an SSL connection would be tried. We'll see.
Thanks again,
Jay
Sent from my iPad
> On Nov 14, 2016, at 4:52 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> John Scalia <jayknowsunix(at)gmail(dot)com> writes:
>> The only entries are a local connection line with md5 authentication specified and a line for local replication with a trust authentication. Both of these entries do seem to be working properly.
>
> So the client is trying an SSL connection first (which would be the
> default behavior for libpq at least), and that falls through the
> hostnossl line and is captured by the md5 line. Hence you get a
> password prompt. The client has no way to know that a non-SSL
> connection would have gotten a different response.
>
> You could change the md5 line to hostssl, perhaps. Or configure
> the client to try non-SSL first (see sslprefer).
>
> regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Poul Kristensen | 2016-11-15 12:49:33 | Re: Postgresql 9.5 committing and log sequence number |
| Previous Message | Tom Lane | 2016-11-14 21:52:55 | Re: hostnossl in pg_hba.conf demands a password |