Thread: BUG #12260: trust entry in pg_hba not working as documented

BUG #12260: trust entry in pg_hba not working as documented

From
pauld@jobready.com.au
Date:
The following bug has been logged on the website:

Bug reference:      12260
Logged by:          Paul De Audney
Email address:      pauld@jobready.com.au
PostgreSQL version: 9.3.5
Operating system:   Ubuntu 14.04 LTS
Description:

I have the following pg_hba entry on a PostgreSQL server (10.A.B.C)

host repmgr all 10.X.Y.Z/32 trust

(the user repmgr was created using "createuser --login --superuser repmgr"
via the postgres system account)

On the host 10.X.Y.Z I am attempting to connect to PgSQL using this
command:

psql -h 10.A.B.C -U repmgr -d mydb

And this requests a password and then fails on an empty password or non-valid
password that I input. I am expecting authentication to work successfully
due to the use of the "trust" auth method.

When I comment out my pg_hba entry
host all all 10.X.Y.Z/24 md5

(this pg_hba entry is after my trust entry, if that matters)

I receive the following client side error:

psql: FATAL:  no pg_hba.conf entry for host "10.A.B.C", user "repmgr",
database "mydb", SSL on
FATAL:  no pg_hba.conf entry for host "10.A.B.C", user "repmgr", database
"mydb", SSL off

Which to me indicates that the trust entry in the pg_hba is not being parsed
by PostgreSQL at all.

When I set a password on the repmgr role and use that, authentication does
work. Which at the moment I am "working around my insecure intent" by using
a pgpass.

Re: BUG #12260: trust entry in pg_hba not working as documented

From
Heikki Linnakangas
Date:
On 12/17/2014 02:53 PM, pauld@jobready.com.au wrote:
> I have the following pg_hba entry on a PostgreSQL server (10.A.B.C)
>
> host repmgr all 10.X.Y.Z/32 trust
>
> (the user repmgr was created using "createuser --login --superuser repmgr"
> via the postgres system account)

You mixed up the "database" and "user" columns in pg_hba.conf. The
syntax is:

# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]

So your trust-entry above applies to all users connecting to "repmgr"
database. Try:

host all repmgr 10.X.Y.Z/32 trust

- Heikki
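
The column order and first-match behaviour discussed in this thread, as an added example that is not part of the original messages or of PostgreSQL's own code. It is a simplified evaluator for `host` records only (no `sameuser`, `+role`, `@file` or quoted fields), and the 10.0.0.5 addresses are constructed stand-ins for the redacted 10.X.Y.Z.

```python
import ipaddress

def parse_hba(text):
    """Parse 'host' records into (databases, users, network, method), in file order."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 5 and fields[0] == "host":
            _, db, user, addr, method = fields[:5]  # host DATABASE USER ADDRESS METHOD
            rules.append((db.split(","), user.split(","),
                          ipaddress.ip_network(addr, strict=False), method))
    return rules

def auth_method(rules, database, user, client_ip):
    """Return the method of the first record matching the connection, else None."""
    ip = ipaddress.ip_address(client_ip)
    for dbs, users, net, method in rules:
        if (("all" in dbs or database in dbs)
                and ("all" in users or user in users)
                and ip in net):
            return method          # first match wins; later records are not tried
    return None                    # server reports "no pg_hba.conf entry for host ..."

# Constructed sample files mirroring the thread.
REPORTED = """
host repmgr all 10.0.0.5/32 trust
host all    all 10.0.0.5/24 md5
"""
FIXED = """
host all repmgr 10.0.0.5/32 trust
host all all    10.0.0.5/24 md5
"""

if __name__ == "__main__":
    for name, conf in (("reported", REPORTED), ("fixed", FIXED)):
        rules = parse_hba(conf)
        print(name, "repmgr@mydb ->", auth_method(rules, "mydb", "repmgr", "10.0.0.5"))
        print(name, "alice@repmgr ->", auth_method(rules, "repmgr", "alice", "10.0.0.5"))
```

With the reported file, the trust record is skipped for database "mydb" and the md5 record answers instead, while any user connecting to a database named "repmgr" from that address is trusted without a password.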