Обсуждение: Socket & TCP connections
Hi, I'm trying to setup PostgreSQL so that, it will not ask password when connected locally (socket) whereas it will ask when connected using TCP/IP. This should apply ONLY to root account. But this is not working - local all root trust local all all md5 # IPv4 local connections: #host all root 127.0.0.1/32 trust #host all root ::1/128 trust host all all 127.0.0.1/32 md5 host all all ::1/128 md5 I cannot give passwordless access to TCP/IP because then it will become a big security hole using PhpPgAdmin exposed to the public. -- Nilesh Govindarajan Site & Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु !
Le 28/03/2010 19:11, Nilesh Govindarajan a écrit : > [...] > I'm trying to setup PostgreSQL so that, it will not ask password when > connected locally (socket) whereas it will ask when connected using > TCP/IP. This should apply ONLY to root account. But this is not working - > > local all root trust > local all all md5 > # IPv4 local connections: > #host all root 127.0.0.1/32 trust > #host all root ::1/128 trust > host all all 127.0.0.1/32 md5 > host all all ::1/128 md5 > > I cannot give passwordless access to TCP/IP because then it will become > a big security hole using PhpPgAdmin exposed to the public. > Could you be more specific on what's not working? the exact error message would be a great help. BTW, your settings are good for local access, but you only allow localhost TCP/IP access. -- Guillaume. http://www.postgresqlfr.org http://dalibo.com
On 03/29/2010 02:51 AM, Guillaume Lelarge wrote: > Le 28/03/2010 19:11, Nilesh Govindarajan a écrit : >> [...] >> I'm trying to setup PostgreSQL so that, it will not ask password when >> connected locally (socket) whereas it will ask when connected using >> TCP/IP. This should apply ONLY to root account. But this is not working - >> >> local all root trust >> local all all md5 >> # IPv4 local connections: >> #host all root 127.0.0.1/32 trust >> #host all root ::1/128 trust >> host all all 127.0.0.1/32 md5 >> host all all ::1/128 md5 >> >> I cannot give passwordless access to TCP/IP because then it will become >> a big security hole using PhpPgAdmin exposed to the public. >> > > Could you be more specific on what's not working? the exact error > message would be a great help. BTW, your settings are good for local > access, but you only allow localhost TCP/IP access. > > There's no error message as such. It doesn't do what is expected - should not ask passwords for localhost. If I connect as psql -U root -d postgres -h localhost, it still asks me for password. -- Nilesh Govindarajan Site & Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु !
Hi, it seems to be working now. Can somebody explain to me how ? See this pg_hba.conf - # "local" is for Unix domain socket connections only local all root trust local all all md5 # IPv4 local connections: #host all root 127.0.0.1/32 trust #host all root ::1/128 trust host all all 127.0.0.1/32 md5 host all all ::1/128 md5 Its the same code I think which I wrote previously. But now it asks password when connected through TCP and doesn't when connected directly as psql -d postgres PLZ EXPLAIN !! I'm in a big confusion :? -- Nilesh Govindarajan Site & Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु !
Le 29/03/2010 04:04, Nilesh Govindarajan a écrit : > Hi, it seems to be working now. Can somebody explain to me how ? See > this pg_hba.conf - > > # "local" is for Unix domain socket connections only > local all root trust > local all all md5 > # IPv4 local connections: > #host all root 127.0.0.1/32 trust > #host all root ::1/128 trust > host all all 127.0.0.1/32 md5 > host all all ::1/128 md5 > > Its the same code I think which I wrote previously. But now it asks > password when connected through TCP and doesn't when connected directly > as psql -d postgres > > PLZ EXPLAIN !! I'm in a big confusion :? > You probably forgot to reload the configuration after modifying it, and then someone reloaded it or restarted the server, and PostgreSQL was able to use the new configuration. -- Guillaume. http://www.postgresqlfr.org http://dalibo.com
On 03/29/2010 12:50 PM, Guillaume Lelarge wrote: > Le 29/03/2010 04:04, Nilesh Govindarajan a écrit : >> Hi, it seems to be working now. Can somebody explain to me how ? See >> this pg_hba.conf - >> >> # "local" is for Unix domain socket connections only >> local all root trust >> local all all md5 >> # IPv4 local connections: >> #host all root 127.0.0.1/32 trust >> #host all root ::1/128 trust >> host all all 127.0.0.1/32 md5 >> host all all ::1/128 md5 >> >> Its the same code I think which I wrote previously. But now it asks >> password when connected through TCP and doesn't when connected directly >> as psql -d postgres >> >> PLZ EXPLAIN !! I'm in a big confusion :? >> > > You probably forgot to reload the configuration after modifying it, and > then someone reloaded it or restarted the server, and PostgreSQL was > able to use the new configuration. > > Yeah may be. But I remember issuing killall -HUP postmaster after every change. -- Nilesh Govindarajan Site & Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु !
Nilesh Govindarajan skrev 2010-03-29 04.04: > Hi, it seems to be working now. Can somebody explain to me how ? See > this pg_hba.conf - Did you reload the config, i.e pg_ctl reload, after making changes the first time? Regards, roppert > > # "local" is for Unix domain socket connections only > local all root trust > local all all md5 > # IPv4 local connections: > #host all root 127.0.0.1/32 trust > #host all root ::1/128 trust > host all all 127.0.0.1/32 md5 > host all all ::1/128 md5 > > Its the same code I think which I wrote previously. But now it asks > password when connected through TCP and doesn't when connected directly > as psql -d postgres > > PLZ EXPLAIN !! I'm in a big confusion :? >