Re: pg_hba.conf change in 7.4

From: Seum-Lim Gan <slgan(at)lucent(dot)com>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: pg_hba.conf change in 7.4
Date: 2003-11-20 17:23:12
Message-ID: p05100301bbe2a820b516@[135.185.171.70]
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hi Bruce,

Thanks for the info.
I captured the netstat output below.

Looks like there is a bunch of IPv4 being used.

Any idea how this can be resolved ?

Thanks.

Gan

UDP: IPv6
Local Address Remote Address
State If
--------------------------------- ---------------------------------
---------- -----
localhost.35847 localhost.35847 Connected

TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
localhost.32906 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32906 49152 0 49152 0 ESTABLISHED
localhost.32908 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32908 49152 0 49152 0 ESTABLISHED
localhost.32910 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32910 49152 0 49152 0 ESTABLISHED
localhost.32911 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32911 49152 0 49152 0 ESTABLISHED
localhost.32913 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32913 49152 0 49152 0 ESTABLISHED
localhost.32915 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32915 49152 0 49152 0 ESTABLISHED
localhost.32917 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32917 49152 0 49152 0 ESTABLISHED
localhost.32919 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32919 49152 0 49152 0 ESTABLISHED
localhost.32920 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32920 49152 0 49152 0 ESTABLISHED
localhost.32922 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32922 49152 0 49152 0 ESTABLISHED
localhost.32923 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32923 49152 0 49152 0 ESTABLISHED
localhost.32924 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32924 49152 0 49152 0 ESTABLISHED
localhost.32926 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32926 49152 0 49152 0 ESTABLISHED
localhost.32927 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.32927 49152 0 49152 0 ESTABLISHED
localhost.33086 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.33086 49152 0 49152 0 ESTABLISHED
localhost.33087 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.33087 49152 0 49152 0 ESTABLISHED
localhost.50882 localhost.14502 49152 0 49152 0 ESTABLISHED
localhost.14502 localhost.50882 49152 0 49152 0 ESTABLISHED
localhost.50883 localhost.14500 49152 0 49152 0 ESTABLISHED
localhost.14500 localhost.50883 49152 0 49152 0 ESTABLISHED

At 12:11 pm -0500 2003/11/20, Bruce Momjian wrote:
>Seum-Lim Gan wrote:
>> Hi,
>>
>> In 7.4, I noticed there is this ::1 and ffff: (x8 of them)
>> for IPv6.
>>
>> I looked at the documentation and there is nothing that says
>> what the ::1 is for.
>
>The ::1 is a IPv6 shorthand for 127.0.0.1 (localhost).
>
>> Commenting out that line will prevent access to PostgreSQL
>> from psql unless I put trust for that line.
>>
>> This is what I had in 7.3.4:
>> host all all 127.0.0.1 255.255.255.255
> > ident pspmap
>> local all all password
>> host all all 0.0.0.0 0.0.0.0 reject
>>
>> But in 7.4, it does not work anymore. It seems to want ::1 to be somewhere.
>> If I change the line with ::1 from trust to ident pspmap, it complains that
>> the user cannot be found. But it is in the pspmap. Message fromm psql:
>
>Seems you have an OS that makes all connections IPv6, even IPv4 ones.
>That is why we had to have that line in there. Seems ::1 controls your
>local connections on that platform. Some platforms have distinct IPv4
>and IPv6 connections, so we have to include both lines in the file.
>
>> Right now, I have it set to trust to work around.
>> Any idea what to do about this ?
>>
>> host all all 127.0.0.1 255.255.255.255
>> ident pspmap
>> local all all password
>> host all all 0.0.0.0 0.0.0.0 reject
>> # IPv4-style local connections:
>> #host all all 127.0.0.1 255.255.255.255 trust
>> # IPv6-style local connections:
>> host all all ::1
>> ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust
>
>Yea, that's about it. My guess is that nothing is coming in via IPv4 on
>your machine so 127.0.0.1 does nothing. Perhaps netstat will show the
>IP address family used.
>
>--
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
> + If your life is a hard drive, | 13 Roberts Road
> + Christ can be your backup. | Newtown Square, Pennsylvania 19073

--
+--------------------------------------------------------+
| Seum-Lim GAN email : slgan(at)lucent(dot)com |
| Lucent Technologies |
| 2000 N. Naperville Road, 6B-403F tel : (630)-713-6665 |
| Naperville, IL 60566, USA. fax : (630)-713-7272 |
| web : http://inuweb.ih.lucent.com/~slgan |
+--------------------------------------------------------+

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message konf 2003-11-20 17:26:56 tsearch2 installation
Previous Message Bruce Momjian 2003-11-20 17:11:02 Re: pg_hba.conf change in 7.4