Re: hba conf ident sameuser not working

Поиск
Список
Период
Сортировка
От David Bear
Тема Re: hba conf ident sameuser not working
Дата
Msg-id 20060216003610.GD11620@asu.edu
обсуждение исходный текст
Ответ на Re: hba conf ident sameuser not working  (Peter Eisentraut <peter_e@gmx.net>)
Ответы Re: hba conf ident sameuser not working
Список pgsql-admin
Дерево обсуждения 
On Wed, Feb 15, 2006 at 11:27:36AM +0100, Peter Eisentraut wrote:
> David Bear wrote:
> > now, when I connection to postgres from remote machines I ssh into
> > the pg server, but I tunnel postgres traffic. The ident sameuser
> > prevents tunneled connections from working.
>
> That is not true.  Please give more detail so we can figure out what is
> really wrong.

ok. 2 machine, mine is called teancum. The server running postgresql
is called dbsrv1.


starting with:
==================
iddwb@teancum:~> ssh -L 6666:localhost:5432 iddwb@dbsrv1
Password:
Last login: Tue Feb 14 20:21:08 2006 from teancum
Have a lot of fun...
iddwb@dbsrv1:~> psql
Welcome to psql 8.0.3, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

iddwb=> \q
iddwb@dbsrv1:~> psql -U tlhowell
psql: FATAL:  Ident authentication failed for user "tlhowell"

=====================

This is what I expect.

users on dbsrv1 must be who they are.

now, back on teancum that has the tunnel on port 6666, I do this:

===================
iddwb@teancum:~> psql -p 6666 -h localhost -U tlhowell
psql: FATAL:  Ident authentication failed for user "tlhowell"
iddwb@teancum:~> psql -p 6666 -h localhost -U iddwb
psql: FATAL:  Ident authentication failed for user "iddwb"

===================

That is with the following pg_hba.conf

==================

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

# "local" is for Unix domain socket connections only
local   all         all                               ident sameuser
# IPv4 local connections:
host    all         all         127.0.0.1/32          ident sameuser
# IPv6 local connections:
host    all         all         ::1/128               ident sameuser

===================

Now, if I change the connection for 'host' to use the trust method, I
can connect as any user from psql AFTER I have already authenticated
and setup the ssh tunnel.

>
> --
> Peter Eisentraut
> http://developer.postgresql.org/~petere/

--
David Bear
phone:     480-965-8257
fax:     480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
 "Beware the IP portfolio, everyone will be suspect of trespassing"

В списке pgsql-admin по дате отправления:

Предыдущее
От: Simon Riggs
Дата:
Сообщение: Re: Switch log (WAL)
Следующее
От: Tom Lane
Дата:
Сообщение: Re: hba conf ident sameuser not working