On Wed, Feb 15, 2006 at 11:27:36AM +0100, Peter Eisentraut wrote:
> David Bear wrote:
> > now, when I connection to postgres from remote machines I ssh into
> > the pg server, but I tunnel postgres traffic. The ident sameuser
> > prevents tunneled connections from working.
>
> That is not true. Please give more detail so we can figure out what is
> really wrong.
ok. 2 machine, mine is called teancum. The server running postgresql
is called dbsrv1.
starting with:
==================
iddwb@teancum:~> ssh -L 6666:localhost:5432 iddwb@dbsrv1
Password:
Last login: Tue Feb 14 20:21:08 2006 from teancum
Have a lot of fun...
iddwb@dbsrv1:~> psql
Welcome to psql 8.0.3, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
iddwb=> \q
iddwb@dbsrv1:~> psql -U tlhowell
psql: FATAL: Ident authentication failed for user "tlhowell"
=====================
This is what I expect.
users on dbsrv1 must be who they are.
now, back on teancum that has the tunnel on port 6666, I do this:
===================
iddwb@teancum:~> psql -p 6666 -h localhost -U tlhowell
psql: FATAL: Ident authentication failed for user "tlhowell"
iddwb@teancum:~> psql -p 6666 -h localhost -U iddwb
psql: FATAL: Ident authentication failed for user "iddwb"
===================
That is with the following pg_hba.conf
==================
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident sameuser
# IPv4 local connections:
host all all 127.0.0.1/32 ident sameuser
# IPv6 local connections:
host all all ::1/128 ident sameuser
===================
Now, if I change the connection for 'host' to use the trust method, I
can connect as any user from psql AFTER I have already authenticated
and setup the ssh tunnel.
>
> --
> Peter Eisentraut
> http://developer.postgresql.org/~petere/
--
David Bear
phone: 480-965-8257
fax: 480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
"Beware the IP portfolio, everyone will be suspect of trespassing"