Обсуждение: ident sameuser failure
Hi all, I have a problem that I am chasing and getting nowhere with. Can anyone help? I have postgresql-7.2.1-5 running as the server on a redhat7.3 box. I am connecting from a redhat8.0 box with postgresql-7.2.2-1 using both psql and pgaccess. My pg_hba.conf looks like this: local all ident sameuser host testuserdb 192.168.0.0 255.255.255.0 ident sameuser host testdb 192.168.0.0 255.255.255.0 password Now the scenenario is like this: User test can connect to database testdb with a password. User testuser cannot connect to database testuserdb and gets these errors psql -h workbench -d testuserdb -U testuser psql: FATAL 1: IDENT authentication failed for user "testuser" on the server I made (as postgres) the users test and testuser, then became each user and created the testdb and testuserdb. I have tried making a usermap in pg_ident.conf testuser testuser testuser and tried the line host testuserdb 192.168.0.0 255.255.255.0 ident testuser But still no change. Testuser can connect if AUTH_TYPE is trust however. Can anyone lend a pinch of advice that may be the problem here? many thanks Stephen. Computer Concepts Limited 25 Leslie Hills Drive PO Box 8744 Riccarton Christchurch, New Zealand Phone: +64-3-348-2500 Fax: +64-3-343-7569 Notice of confidential information: The information contained in this e-mail message is confidential information and may also be legally privileged, intended only for the individual or entity named above. If you are not the intended recipient you are hereby notified that any use, review, dissemination, distribution or copying of this document is strictly prohibited. If you have received this document in error, please immediately notify the sender by telephone and destroy the message. Thank you.
Stephen Harris <sharris@concepts.co.nz> writes:
> User testuser cannot connect to database testuserdb and gets these errors
> psql -h workbench -d testuserdb -U testuser
> psql: FATAL 1: IDENT authentication failed for user "testuser"
Are you in fact running an IDENT server?
If so, try looking in the postmaster's log (stderr output) to get more
info about the problem.
regards, tom lane
Tom Lane wrote: >Stephen Harris <sharris@concepts.co.nz> writes: > > >>User testuser cannot connect to database testuserdb and gets these errors >>psql -h workbench -d testuserdb -U testuser >>psql: FATAL 1: IDENT authentication failed for user "testuser" >> >> > >Are you in fact running an IDENT server? > >If so, try looking in the postmaster's log (stderr output) to get more >info about the problem. > > > I wasnt. I have set that up now and increased the verbosity of logging. Unfortunatly, this has not changed the behaviour at all. ie: Feb 26 14:59:17 workbench postgres[4243]: [20] FATAL 1: IDENT authentication failed for user "testuser" Is there an undocumented feature that requires ident tcp connections to authenticate to postmaster and thereby disabling the sameuser ? Has anyone else had success with this? Best Regards Stephen Computer Concepts Limited 25 Leslie Hills Drive PO Box 8744 Riccarton Christchurch, New Zealand Phone: +64-3-348-2500 Fax: +64-3-343-7569 Notice of confidential information: The information contained in this e-mail message is confidential information and may also be legally privileged, intended only for the individual or entity named above. If you are not the intended recipient you are hereby notified that any use, review, dissemination, distribution or copying of this document is strictly prohibited. If you have received this document in error, please immediately notify the sender by telephone and destroy the message. Thank you.
Stephen Harris <sharris@concepts.co.nz> writes:
> I have set that up now and increased the verbosity of logging.
> Unfortunatly, this has not changed the behaviour at all.
> ie:
> Feb 26 14:59:17 workbench postgres[4243]: [20] FATAL 1: IDENT
> authentication failed for user "testuser"
Hm ... what PG version are you running, and how are you doing logging?
There should definitely be some other informational messages coming out.
But it useta be that those were just fprintf'd to stderr, so if you are
using syslog logging you might lose them. I'd suggest restarting the
postmaster with stderr redirected into a file (and *don't* use the -S
switch).
regards, tom lane
Well, I'll be ...
I changed postmaster to log to a file, but that didnt reveal much.
I upped the syslog vebosity to debug in identd.conf and added an entry
daemon.* /var/log/postmaster.log in syslog.conf.
Then as user sharris I did:
psql -h workbench -d testuserdb -U testuser
While doing tail -f /var/log/postmaster.log
I saw
Feb 27 00:47:05 freeflight identd[20989]: reply to 192.168.0.141:
36458, 5432 : USERID : OTHER :504
So that got me wondering, does the U switch work?
So I su - 'ed testuser and did
psql -h workbench -d testuserdb
I saw
Feb 27 00:49:53 freeflight identd[21082]: reply to 192.168.0.141:
36465, 5432 : USERID : OTHER :testuser
And was given the database shell.
Testusers uid on the client is 1293 and on the server is 501.
However, as soon as I stop identd it stops working.
So you were right, it all comes down to identd, but the U switch in psql
should of worked?
Perhaps I should make the uids match?
Many thanks
Stephen.
Computer Concepts Limited
25 Leslie Hills Drive
PO Box 8744 Riccarton
Christchurch, New Zealand
Phone: +64-3-348-2500
Fax: +64-3-343-7569
Notice of confidential information:
The information contained in this e-mail message is
confidential information and may also be legally privileged,
intended only for the individual or entity named above.
If you are not the intended recipient you are hereby
notified that any use, review, dissemination, distribution
or copying of this document is strictly prohibited.
If you have received this document in error, please
immediately notify the sender by telephone and destroy the
message. Thank you.