Re: Question on ident authorization

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Kenny H Klatt <kklatt(at)csd(dot)uwm(dot)edu>
Cc: <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Question on ident authorization
Date: 2002-04-08 01:13:17
Message-ID: Pine.LNX.4.30.0204072109090.685-100000@peter.localdomain
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Kenny H Klatt writes:

> Inital testing worked well. When it was decided to have applications
> normally directed at production try the development instance, ident
> authenication failed. All other tests passed, including hostssl
> connections. When the firewall redirects traffic to its intended service
> provider using the same port postgress is using ident works. When the
> ports are not the same, ident authenication fails. User/password and hostssl
> connections continue to work though.

I can't quite picture your setup, but two points: One, the PostgreSQL
server attempts ident authentication over TCP port 113. If there's no
ident server on that port on the client side then authentication fails.
Two, if your firewall is redirecting ident traffic to a dedicated service
provider host, then have it stop doing that because that's not how ident
is supposed to work (or you will have to put in a lot of extra effort to
make it work).

--
Peter Eisentraut peter_e(at)gmx(dot)net

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Christopher Kings-Lynne 2002-04-08 02:05:08 Re: Suggestion for optimization
Previous Message Hiroshi Inoue 2002-04-08 00:33:33 Re: timeout implementation issues