The following bug has been logged online:
Bug reference: 5763
Logged by: Kaiting Chen
Email address: kaitocracy@gmail.com
PostgreSQL version: 9.0.1
Operating system: Arch Linux (latest)
Description: pg_hba.conf not honored
Details:
### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'
# Type Database User CIDR-ADDRESS Method
local all psql ident
host all +service 192.168.162.130/32 password
host all all 192.168.162.130/32 gss
### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'
List of roles
Role name | Attributes | Member of
-------------------+-----------------------------------+-----------
kaiting.chen | Superuser, Create role, Create DB | {turtle}
psql | Superuser, Create role, Create DB | {}
service | | {}
turtle | | {}
---
kaiting.chen ~: PGHOST='psql.kiwilight.com' psql
Password:
psql: fe_sendauth: no password supplied
From this pg_hba configuration as the user 'kaiting.chen' is not in role
'service' the second entry in the table should be skipped and he should
authenticate via GSSAPI. However this does not happen.
### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'
# Type Database User CIDR-ADDRESS Method
local all psql ident
host all +turtle 192.168.162.130/32 gss
host all all 192.168.162.130/32 password
### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'
List of roles
Role name | Attributes | Member of
-------------------+-----------------------------------+-----------
kaiting.chen | Superuser, Create role, Create DB | {}
psql | Superuser, Create role, Create DB | {}
service | | {}
turtle | | {}
---
kaiting.chen ~: PGHOST='psql.kiwilight.com' psql
psql (9.0.1)
Type "help" for help.
kaiting.chen=#
From this pg_hba configuration as the user 'kaiting.chen' is no longer in
the role 'turtle' the second entry in the table should be skipped and he
should authenticate via password. However he is granted access to the
server.
Either I am missing something very obvious or this is completely broken.
--Kaiting.