[ADMIN] Issue with pg_ident after password change on v10.0

Поиск
Список
Период
Сортировка
От sighup
Тема [ADMIN] Issue with pg_ident after password change on v10.0
Дата
Msg-id 1449bdb0-2399-bdc0-ed0e-ddf26b15baae@sighup.eu
обсуждение исходный текст
Список pgsql-admin
Hello List.

I am having an issue with pg_ident on v10.1 that I can’t work out. This 
morning after creating a new user account on my postgresql server I 
created an entry in the pg_ident.conf file thus:

OSUName         Loader                PGUserName

In the pg_hba.conf file I added this:

host    dbname         all         192.168.0.20/32         ident map=OSUName

After making these changes I restarted the service using sudo systemctl 
restart postgresql.service (Arch Linux)

Then after modifying my Python code to pass the 
os_environ.get(“USERNAME”) name as the user= value in the 
psycopg2.connect method, and setting the very basic password= value to 
the password I gave when I created the Loader unix account I was denied 
access due to no pg_hba entry for OSUName I then re-edited the file to:

host    dbname         OSUName         192.168.0.20/32         ident 
map=OSUName

And after a restart I was allowed to connect and load data using the 
Python application. With this working I thought it best to provide a 
more secure password so I generated a new one and set it using sudo 
passwd Loader. I then changed the password in the Python, and tried to 
connect but got a FATAL:  Ident authentication failed for user OSUName. 
On seeing this I restarted the postgresql service but I got and continue 
to get this error, even after dumping the Loader account and starting again.

I can login to the postgresql machine using the accounts I've created, 
but regardless of what I do I now can’t get past this FATAL error. I’d 
really appreciate your thoughts on what I have done wrong here as it 
worked before but now simply refuses to.

I appreciate that it says in the documents that this isn’t really the 
best approach but I want (need) a way to allow a remote user (external 
to the LAN) to use my application to load data to the postgresql server 
without providing the real PGUserName to them or in the Python code.

--
Bill


-- 
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

В списке pgsql-admin по дате отправления:

Предыдущее
От: Mark Steben
Дата:
Сообщение: Re: [ADMIN] recreating point-in-time recovery when tables are innon-default tablespace
Следующее
От: Rui DeSousa
Дата:
Сообщение: Re: [ADMIN] Vacuum not removing dead tuples